As the lawsuits involving Heartland’s massive data breach move through the court system, an unusual claim was inserted into a court filing. The Sept
Officially, Visa and other card brands “discourage” retailers from using card data for non-transaction functions, such as CRM or other customer identification programs. But many retailers continue to do the forbidden practice and to do so openly
Posted on October 8th, 2009 1 comment
NEW YORK, NY — …in what appears to have been an accidental data breach, the city provided, as part of one data set, private information from representatives of women’s groups. A data file containing information on 1,100 such groups that had registered with the city’s Commission on Women’s Issues included fields for each participant’s “secret question” and…
Continue reading here:
City Admits Lapse in Data Release
Visa’s just-announced best practices are designed to provide guidance and give tacit endorsement to existing end-to-end encryption and, to some extent, tokenization. Merchants are likely to see it as “something else to do” and as further evidence that the card brands will continue to go their own way relative to data security, despite the PCI DSS industry standards.But PCI Columnist David Taylor sees something else interesting here. “For the last 4-5 years, companies have been told that achieving PCI compliance is much easier if they segment their network.
Does Visa’s Encryption Statement Offer A “Tacit Endorsement”?
Visa on Monday (Oct. 5) issued a document to ostensibly help retailers figure out how best to navigate the new encryption and tokenization landscape, but as a practical matter, the document did little beyond rehash conventional wisdom and long-standing Visa and PCI best practices
See the rest here:
Visa’s Retail Token Advice Of Token Value