The ongoing struggle to protect sensitive credit card data will continue to escalate. One of the requirements used to tackle this problem is the Payment Card Industry Data Security Standard (PCI DSS). However, one of the biggest challenges for PCI DSS compliance initiatives is treating the standard as a unique and...
Any organization that deals with credit card information must secure payment card data in accordance with PCI standards.
Merchants and service providers are required to validate compliance by assessing their environment against 12 major control categories applicable to applications and data in the data center and the...
The PCI Council has just released PCI DSS 3.1, which calls for mothballing the SSL encryption protocol. What do security leaders need to know about the revised standard? Troy Leach of the council offers insights.
Troy Leach of the PCI Security Standards Council says data security standards are not failing; they just aren't being applied continuously. And conformance with the Payment Card Industry Data Security Standard is just one piece of the puzzle.
In the wake of recent POS breaches, like the one suspected at Home Depot, forensics experts say more banks are taking proactive steps to help merchant clients mitigate their risk of cyber-attacks.
In the second full day of RSA 2014, ISMG's editors record exclusive video interviews with Troy Leach of the PCI Council, Adam Sedgewick of NIST and Gartner's Avivah Litan. What insights do these thought-leaders share?
Losses linked to retail breaches have fueled class action lawsuits on behalf of consumers. But Javelin's Al Pascual says banks are soon likely to take legal action, too, in breach cases that expose cards and lead to fraud.
So-called patent trolling is getting attention from banking leaders and the White House. As patent attorney James Denaro points out: "Essentially every single financial institution is at risk of being accused of infringement."
When do you want to use tokenization over encryption? How do these two technologies help you address security issues, and which is suitable for compliance? How do you decide which is better? You'll find the answers in this independently researched white paper written by data security analyst firm Securosis which helps...
Data breaches are more likely to come from inside your walls than outside. Without a way to manage user access, a privileged user can endanger your system at length before you discover it. To protect against that risk - and the chance of failing a PCI or SOX audit - you need to ensure privileged users can't abuse...
Bashas' network attack highlights how PCI compliant companies can still be breached. So what steps should merchants take to ensure better security, and how should banks help them?
Peer-to-peer, near-field communications and barcode scans are revolutionizing mobile payments. What unique risks do these emerging technologies pose to banking institutions? Two FDIC executives offer insights.
To acknowledge individuals and organizations that are playing critical roles in shaping the way financial services organizations approach information security and privacy, BankInfoSecurity announces its inaugural list of Influencers.
Whether security data is coming from cloud-based operations, virtual systems, on-premise systems or third-party outsourced PCI services, Splunk Enterprise can be used to achieve PCI compliance and to improve an enterprise-level security posture. By monitoring all log data, services, processes and port activities,...
Visa's new end-to-end encryption service aims to eliminate payment card data at the merchant level. Eduardo Perez of Visa's Risk Group discusses the security value of this emerging solution.