Organisations that fall within Levels 2â4 of the PCI DSS (Payment Card Industry Data Security Standard) can attest to compliance with an SAQ (self-assessment questionnaire). You will fall into one of those levels if your organisation processes fewer than six million card transactions per year. There are several types of questionnaire, and in this blog we help […]
Much attention and excitement within the security world has recently been focused on the lucrative surge in crypto-mining malware and hacks involving or targeting cryptocurrency implementations themselves. Yet the volume of âreal worldâ transactions for tangible goods and services currently paid for with cryptocurrency is still relatively niche in comparison to those that are being […]
The ultimate guide to PCI DSS compliance Luke Irwin  If your business handles debit or credit card data, youâve probably heard of the PCI DSS (Payment Card Industry Data Security Standard). Itâs an information security framework designed to reduce payment card fraud by requiring organisations to implement technical and organisational defence measures. We explain everything you […]
Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systemsâ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the […]
As payment technologies evolve, so do the requirements for securing cardholder data. Source: Slideshows – Dark Reading PCI DSS: Looking Ahead to Version 4.0 3 Primary Goals for PCI DSS Version 4.0 What is PCI DSS? | A Brief Summary of the Standard How to Achieve PCI DSS Compliance on AWS Subscribe to DISC InfoSec […]
 Council Issues Guidelines to Address Security Shortcomings In its just-released guidelines for ongoing risk assessments, the Payment Card Industry Security Standards Council notes three specific areas for improvement. The guidelines, which are intended for any organization that handles credit or debit card data, offer specific recommendations for risk assessments, such as how to create […]
There is a big misconception out there that PCI DSS compliance does not apply to us, because we are relatively a small company The fact is PCI DSS must be met by all organizations that transmit, process or store payment card data. Also business owner want to know what is ROI on PCI compliance. It […]
Image by purpleslog via Flickr 45 States followed California when they introduced “SB1386”, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements. Similarly to the SB1386 Law, California, Massachusetts & Texas are already looking at making PCI DSS Law and history tells us that when California moves, everyone else follows! […]
Usually security breach occurs due to lack of basic security controls or lack of effective control which is not relevant over the time. Security controls also disintegrate over the time due to lack of maintenance and monitoring. According to Privacy Rights Clearinghouse survey, the top three breaches resulted from laptop theft, software or human error, […]
 During this down turn economy organized cyber crime is a booming underground business these days. Most of the security expert and FBI agree that cybercrimes are on the rise and pose a biggest threat to US vital infrastructure. Cybercriminals are thieves in cyberspace who will swipe the sensitive data and sell to other criminals […]
M1 – We are relatively small company so we donât have to worry about PCI compliance F1 â The PCI DSS must be met by all organizations that transmit, process or store payment card data M2 â PCI DSS is either a regulation or a standard F2 â Itâs a neither a standard nor a […]
The PCI DSS (Payment Card Industry & Data Security Standard) was established by credit card companies to create a unified security standard for handling credit card information. The retail service industry now understands the strategic significance of PCI DSS compliance, which was demonstrated when TJX announced that their system was compromised for more than 17 […]
