A Penetration Test Case Study: Retail
How a retailer with both brick and mortar and online stores reduced overhead costs to allow re-investment into the business by validating PCI DSS compliance through penetration testing.
Tag Archives: PCI DSS
THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?
As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]
A Merchant’s Guide to PCI SSC Compliance – HALOCK
A Merchant’s Guide to PCI SSC Compliance By Morgan Rickel PMP, QSA If you are a merchant considering the implementation of a mobile payment acceptance solution, or if you are currently using one, the Payment Card Industry Security Standards Council (PCI SSC) has determined that one of the major risk factors in validating mobile payment […]
VERSION 3.2 OF THE PCI DSS TO BE RELEASED IN Q2, ARE YOU READY?
Payment Card Industry Security Standards Council (PCI SSC) by Viviana Wesley, PCI QSA, ISO 27001 Auditor The Payment Card Industry Security Standards Council (PCI SSC) will be releasing version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) in the second quarter of 2016 and will become effective as soon as it’s published. PCI […]
EMV (Europay, MasterCard, Visa): THE COMING SHIFT IN LIABILITY
Author: Todd Becker, PCI QSA, ISO 27001 Auditor ‘Chip and PIN’, or EMV (“Europay, MasterCard, Visa”), is an open-standard set of specifications for smart card payments and acceptance devices and is a popular topic these days with HALOCK’s PCI clients. EMV is not a PCI requirement. However, there is a ‘liability shift’ in October 2015 that […]
HOW TO FIND THE RIGHT QSA
Author: Todd Becker, PCI QSA, ISO 27001 Auditor If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, […]
PCI DSS 3.1 RELEASED
Author: Viviana Wesley, PCI QSA The Payment Card Industry Data Security Standard (PCI DSS) version 3.1 was released today outlining a number of important changes.
PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography
SSL No Longer Considered Strong Cryptography Author: Viviana Wesley, PCI QSA. In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon. The change is related to vulnerabilities seen with Secure Socket Layer cryptography.
PCI v3.0 Transition Year Ends…With One More Deadline Looming
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA As we rang in the New Year, the transition year for PCI v3.0 compliance came to a close. All businesses are now required to be compliant with version three of the PCI Data Security Standard (DSS). But did you know that a handful of the requirements […]
Why A Penetration Test ≠ An Automated Vulnerability Scan
Both penetration tests and automated vulnerability scans are useful tools for managing vulnerabilities. While these are different testing methods, they are complementary and both should be performed.