Posted on February 10th, 2011
From a purely PCI perspective, network printers pose a network risk if they connect to any in-scope systems. At a minimum, your PCI penetration testing should identify any multi-function printers or scanners and make sure any usernames and passwords on them are protected.
Continue reading here:
Is A Network Printer Increasing Your PCI Vulnerability?
Posted on February 3rd, 2011
For PCI Columnist Walt Conway, things are busy right now. He is doing work for various departments at one university
What Universities Can Teach Retailers About PCI
Posted on December 13th, 2010
As retailers implement plans for mobile commerce, they are running into a frustrating situation: the PCI Council is not validating any mobile apps. Interestingly, says PCI Columnist Walt Conway, it’s the same roadblock that stymies the developers of those same retailers’ mobile payment applications and their PA-QSAs.
See the rest here:
Acquirers Rush In Where PCI Fears To Tread: Mobile
Posted on December 12th, 2010
It isn’t just the military. All manner of government agencies, universities, hospitals, Internet service providers, telecoms and, yes, even retailers keep personally identifiable information (PII) that the bad guys would love to get. Consider your private label card database, pens PCI Columnist Walt Conway
PCI Is Not Just For Cardholder Data Anymore
Posted on October 31st, 2010
With the mobile phone on the cusp of becoming a device for performing financial transactions, are we also on the cusp of a corresponding tsunami of criminal attacks on the mobile channel? Not to be alarmist, but yes, says GuestView Columnist Nick Holland. And there are already horror stories.
The rest is here:
Horror Stories of Mobile Money Fraud
Posted on October 22nd, 2010
You can look at PCI DSS as a set of 226 questions, each of which asks whether you meet a particular requirement.
Read more from the original source:
The Most Important Question Your QSA Can Ask
Posted on October 7th, 2010
What would you do if your tokenization vendor goes out of business or gets acquired by a company with a whole different approach to tokenization? This is the ever-awkward but increasingly important question every IT executive looking at tokenization needs to ask. The reality is that there are many firms in the tokenization space today, and you cannot count on all of them being around forever.
See original here:
If Your Token Vendor Goes Bankrupt, What Happens To Your Data?
Posted on October 1st, 2010
Next month, millions of adorable merchant IT executives will dress up and pretend to be responsible adults who are experts in all manner of security. They'll walk down Tokenization Street, going from one security vendor to another, holding out their brightly colored IT environment bags and asking, “Token Trick Or Treat?” Some will get delicious chocolate, which will cost-effectively protect their payment data. Others, unfortunately—like CSO Charlie Brown—will get a rock
Go here to read the rest:
Playing Token Trick Or Treat
Posted on September 15th, 2010
PCI's logging requirements present a particular challenge for retailers, especially those with multiple store locations.
Continue reading here:
So Many Logs, So Little Time
Posted on October 8th, 2009
Visa’s just-announced best practices are designed to provide guidance and give tacit endorsement to existing end-to-end encryption and, to some extent, tokenization. Merchants are likely to see it as “something else to do” and as further evidence that the card brands will continue to go their own way relative to data security, despite the PCI DSS industry standards. But PCI Columnist David Taylor sees something else interesting here. “For the last 4-5 years, companies have been told that achieving PCI compliance is much easier if they segment their network.
Does Visa’s Encryption Statement Offer A “Tacit Endorsement”?