Tag Archives: PCI DSS

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

OPTIONS FOR MERCHANTS USING MOBILE PAYMENT APPLICATIONS TO ACHIEVE AND MAINTAIN PCI COMPLIANCE

By Morgan Rickel  PMP, QSA If you are a merchant considering the implementation of a mobile payment acceptance solution, or if you are currently using one, the Payment Card Industry Security Standards Council (PCI SSC) has determined that one of the major risk factors in validating mobile payment acceptance applications with the Payment Application Data […]

EMV: THE COMING SHIFT IN LIABILITY

Author: Todd Becker, PCI QSA, ISO 27001 Auditor ‘Chip and PIN’, or EMV (“Europay, MasterCard, Visa”), is an open-standard set of specifications for smart card payments and acceptance devices and is a popular topic these days with HALOCK’s PCI clients. EMV is not a PCI requirement. However, there is a ‘liability shift’ in October 2015 that […]

HOW TO FIND THE RIGHT QSA

Author: Todd Becker, PCI QSA, ISO 27001 Auditor If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated.  The stakes have never been higher for large organizations that process payments.  With major data breaches constantly in the headlines like Target, […]

PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography

Author: Viviana Wesley, PCI QSA In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon.  The change is related to vulnerabilities seen with Secure Socket Layer cryptography.

Expecting the Unexpected, Removing Fear From a Security Incident

Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised. The recent news of Adobe Systemsi where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if there is a will, there is […]