Category: PCI DSS

Securely Swiping for Holiday Sales

Posted By: Alan Kessler, @kessalan
01 Nov
Categories: Data Security, Key Management, Mobile Payments, PCI DSS

It’s officially the first of November, which means the holiday shopping season is almost upon us. With Black Friday and Cyber Monday rapidly approaching, there’s no better time to discuss our evolution towards a digitally-oriented consumer shopping experience – and what it means for merchant and customer security. Just a decade ago, walking into a mall or local shop and handing over cash or a credit card to a […]

28 Aug

As we’re winding down to the end of VMworld today, now is a good time to summarize some of the key data security trends we’re seeing at the event. The first is that data, and the security of data within VMware clouds and environments, is now a hot topic. Not only did VMware announce a set of critical features tied to enhancing data security in today’s environment of “deperimeterization” for networks with the release of NSX 6.1, but the topic […]

A couple weeks ago, I shared two important lessons information security professionals could learn from Yahoo’s recent data breach. I wanted to highlight another “honoree” that reminds us that data breaches can have an adverse impact on any organization. In October, the state of South Carolina revealed it had been the victim of a data breach that resulted in the exposure of more than 3.8 million taxpayer records. Compromised data included social security and payment card numbers. While almost all […]

04 Dec
Categories: PCI DSS

In our last post, entitled PCI DSS: The Basics, we provided a very high-level overview of the Payment Card Industry Data Security Standard. But knowing what the standard contains is a far cry from understanding how to implement solutions in ways that create a compliant cardholder data environment. In this post, you will see a number of case studies that illustrate how Vormetric can be used to support PCI DSS compliance. Case Study – TAB Bank PCI DSS is […]

PCI DSS: The Basics

Posted By: Tina Stewart, @socialTIS
03 Dec
Categories: PCI DSS

The Payment Card Industry Data Security Standard, PCI DSS, remains one of the most challenging regulations with which companies must comply. Its Janus-faced qualities (some say it’s too prescriptive, while others complain that the standards are confusingly vague) make achieving and managing compliance difficult and time-consuming. The PCI DSS requires that all companies that store, process, or transmit cardholder data must comply with the standard. The standard consists of twelve top-level requirements, each with a series of sub-requirements that detail […]

Compliance & Security: Tomato, To-mah-to?

Posted By: Tina Stewart, @socialTIS
02 Apr
Categories: HIPAA, HITECH, PCI DSS, State Data Breach Notification

The very cleverly titled story on CSO Online “Barclays Contactless Card Users Exposed to Fraud” appears to suggest that Barclay Card’s Near Field Communication (NFC) cards are ‘vulnerable’ as the data is stored ‘unencrypted’. According to the story, using an NFC enabled smartphone, ViaForensics was able to capture the NFC data from the card. This data was subsequently used to make purchases through several merchants that were not using required fraud controls. When asked, Barclays stated that they were “in […]