Every month, SecureState CEO Ken Stasiak addresses the hottest topics in information security, providing his unique spin on all the issues.
Since 2004, the Payment Card Industry Data Security Standard (PCI-DSS), driven by VISA, MasterCard, Discover, American Express and JCB, has encouraged the proper storage, processing, and transmission of credit card data. As the industry prepares for the next version, PCI DSS 3.0, due out later this year, this blog will review the likely material changes.
Credit Card Breaches – Payment Card Investigations
We have all read recent news stories about companies that have been breached and had credit card information stolen. By following the Payment Card Industry Data Security Standard (PCI-DSS) requirements, companies could have prevented most of the breaches involving cardholder data (CHD). Rather than focus on what to do before you experience a breach, this article deals with the aftermath of a breach event.
Interpreting development specs is challenging enough, but writing code without analyzing the regulatory business ramifications rarely ends well. Typically the process assumes your business leaders and partners understand the regulatory environment, the impact to application functionality, and that they can successfully articulate the requirements to the development team. But often the message is muddled, because of a lack of understanding. So put on your red cape (blue tights optional), and read some compliance strategies to take your career to the next level.
Credit card data is a crown jewel for cybercriminals. While organizations may have a legitimate business need to store cardholder data (CHD) as part of their business process, storing that data on your systems makes your organization a target. The PCI-DSS allows CHD to be stored, provided that a business justification is well documented and adequate security controls are in place. If you are a company or line-of-business manager who feels you need to store CHD, consider the list of bad reasons detailed below and possibly revisit your business model to limit the storage of CHD, or better yet, stop collecting it!
Healthcare workers and medical professionals are acutely aware of their obligation to keep protected health information (PHI) confidential, thanks to the Health Insurance Portability and Accountability Act (HIPAA) enacted in 1996. The media reports, almost daily, on stories of PHI left unprotected, resulting in fines and settlements. As a result, many businesses focus on protecting PHI data, which is good, but patient financial data, such as credit card information, often ends up becoming less of a priority.
Businesses that store, process, or transmit credit card data are required to prove PCI compliance every year. For seasoned PCI veterans, this process often proves challenging.
PCI compliance can be confusing and challenging when you first start down that path. Even if you have been through a PCI audit, or several, the requirements and vast number of controls can seem overwhelming. There are some things that you can do to make your life, and your assessor’s life, easier and make for a smoother audit.