Download presentations from Financial Information Security Decisions 2010
Learn from the industry's leading information security experts who gathered to share proven security strategies. If you couldn't make it to New York City for the event, you can catch up here. Conference supplement
-
Download presentations from Financial Information Security Decisions 2009
Download a number of the compelling presentations from the 2009 Financial Information Security Decisions conference. Conference supplement
-
Financial Information Security Decisions 2008: Presentation downloads
Download a number of the fascinating presentations from the 2008 Financial Information Security Decisions conference. Conference supplement
-
PCI virtualisation: With new guidelines, compliance may be harder
New guidelines on virtualisation issued by the PCI SSC show PCI compliance is possible within a virtualised environment, but may not be feasible. News | 14 Jun 2011
-
Visa: Banks shouldn't force merchants to store full card data
Visa clarifies its rules and says acquirers and issuers must accept truncated numbers for dispute resolution. Article | 15 Jul 2010
-
Should there be PCI security requirements for bank account data?
Gartner analyst wonders why no PCI-like standard exists for bank account information, which online criminals are targeting. Article | 18 May 2010
-
Firewall audit tools aid compliance
Enterprises are turning to firewall audit tools to automate the process of analyzing firewall rules and meet compliance requirements. Article | 25 Feb 2010
-
Rethinking compliance audit software
After nearly a decade of railing against software as a solution to address the challenges of regulatory/industry compliance, David Schneier says he's being forced to reconsider his position. News | 23 Feb 2010
-
Visa probes tokens, encryption for PCI card data protection
Visa issued payment industry best practices that outline the use of encryption and tokenization to protect credit card data. Article | 07 Oct 2009
-
First Data, RSA push tokenization for payment processing
The encryption-token service could compete against vendors offering format preserving encryption to secure payment transactions. Article | 22 Sep 2009
-
RBS WorldPay agrees to market VeriFone end-to-end encryption
Payment processor will promote VeriFone's technology for end-to-end encryption of payment card data to its merchants. Article | 11 Aug 2009
-
MasterCard increases PCI compliance requirements for some merchants
Company now requires merchants that process one million to six million transactions annually to have onsite assessment by a PCI QSA. Visa says it won't follow suit. Article | 29 Jun 2009
-
Two conversations about risk assessment
A couple of discussions illustrate how security professionals can have radically different understandings of risk assessment, David Schneier writes. News | 12 Jun 2009
-
-
PAN truncation and PCI DSS compliance
What do Visa's PAN truncation guidelines mean for merchants and their acquiring banks? Security experts Ed Moyle and Diana Kelley provide analysis. Tip
-
PCI DSS requirement: Maintaining a vulnerability management program
The third PCI DSS focus area requires antivirus software, secure coding practices, patch management and change control processes be in place. Tip
-
Weighing the pros and cons of end-to-end encryption and tokenization
With PCI DSS and other compliance requirements, organizations are looking for surefire solutions to protect payment card and other sensitive data. Tokenization and end-to-end encryption have emerged as promising technologies, but as Dave Shackleford ... Tip
-
Five things to do before your first PCI DSS compliance audit
Put these steps in motion before your organization's first PCI DSS compliance audit. Tip
-
PCI DSS: Writing an information security policy
The final set of PCI requirements relates to maintaining a security policy, and also addresses awareness training, personnel screening and managing service provider relationships. Tip
-
PCI DSS requirement: Monitoring and testing security
The fifth focus area of PCI DSS requires regular monitoring of systems and activity, as well as regular testing of controls. Tip
-
Vendor contract management: Regulatory guidance is risk-based
From federal guidance and industry standards to state laws, financial-services firms are subject to a variety of requirements for managing vendor information security risks by contract. Andrew M. Baer explains how the regulatory guidance is risk-base... Tip
-
Vendor audit and monitoring contractual rights
Federal regulations, state laws and industry standards all stress the need for financial institutions to audit and monitor third-party security as part of their vendor risk assessment. Consequently, third-party contracts must include vendor auditing ... Tip
-
PCI DSS requirements include strong access control procedures
The fourth focus of PCI DSS requirements governs how organizations enable and restrict access to cardholder data and limit physical access to cardholder data. Tip
-
Companies lagging in PA DSS compliance
The Payment Application Data Security Standard (PA DSS) has been around for nearly two years, but companies aren't rushing to comply, according to David Taylor of the PCI Knowledge Base. He explains the reasons behind the lag and its impact on an org... Tip
-
-
Rerunning background checks
My organization already does background checks as part of the hiring process. Will it be necessary to run them again as part of a PCI compliance process? If so, to what standard? Ask the Expert
-
tokenization
Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Definition
-
CISP-PCI (Cardholder Information Security Program - Payment Card Industry Data Security Standard)
CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.... Definition
-
PayPal CISO: Laws must foster better cybersecurity information sharing
PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security. Video
-
PCI DSS: Best practices for compliance
In this video, learn about the greatest challenges to PCI compliance, as well as dealing with application security for compliance, encryption and compensating controls. Video
About PCI DSS: Audits and requirements
The Payment Card Industry Data Security Standard (PCI DSS) applies to any company that processes, stores or transmits credit card data. Our PCI DSS topic is full of information on compliance requirements, standards, audits, fines and what's new in version 1.1. Learn about PCI DSS compliance and find best practices to help financial services firms comply with the Payment Card Industry Data Security Standard.