But More Work Necessary to Secure Customer Data, Confidence
If the TJX data breach had not occurred, the increased push by retailers to comply with the Payment Card Industry Data Security Standard (PCI-DSS) also may not have happened. This much-publicized incident seems to be the one that has most spurred merchants and financial institutions to realize the need for stronger data security.
RICHARD SWART: Hi, this is Richard Swart with Information Security Media Group, publishers of BankInfoSecurity.com and CUInfoSecurity.com. Today, we will be speaking with Bruce Sussman, the Senior Manager at Crowe Chizek, who has almost 20 years of experience in the banking information security and audit community. Good afternoon, Bruce.
Two members of the PCI Standards Council who are database security experts say the way to prevent a TJX-type breach from happening at your institution is simple -- be compliant with the Payment Card Industry Data Security Standard.
If you’re a small or medium sized financial institution and you’ve avoided looking at the Payment Card Industry’s Data Security Standard, it’s still out there waiting. However, according to information security expert Tony Bradley, co-author of the book “PCI Compliance,” financial institutions don’t have to spend more money to begin compliance efforts.
Current Protection Practices May Put Information at Risk
While financial institutions are doing a “better job” than other businesses grappling with the Payment Card Industry’s Data Security Standard, there are still compliance questions that need closer examination, according to David Taylor, president and CEO of the Payment Card Industry Security Vendor Alliance (PCI SVA).
When talking about data breaches and the need for security, whenever credit or debit cards are mentioned, the words "Payment Card Industry Data Security Standard" will appear. This apparently causes many in the financial services and retail industries to reach for that bottle of aspirin and a glass of water. Retailers such as TJX already know the pain caused by non-compliance. Other retailers should consider taking the time to secure their networks after reading the news from TJX that the large breach from earlier this year (47 million customer accounts compromised) will set TJX back an estimated $150 million.
Over 3,700 security professionals gathered in Las Vegas early this month to preview the latest threats and to see firsthand what new attacks and compromises are coming. This year’s conference was substantially bigger than last year’s and included significant representation from vendors and the legitimate white hat security community. Unfortunately, the news from Black Hat is not good for banking and finance executives.
Numerous experts demonstrated attacks that could be launched without creating malicious script. Many features of commonly used protocols, when used in creative ways, can expose users and companies to significant vulnerabilities. One of the more interesting presentations was by Bryan Sullivan and Billy Hoffman of SPI Dynamics on the vulnerabilities of AJAX applications. Many banks and other financial organizations are adopting AJAX to give their users a richer web experience.
The deadline of June 30th has come and gone, and thousands of companies have demonstrated that they are incapable of complying with a set of security guidelines to prevent data breaches and protect credit card data against identity theft. These security guidelines are from the Payment Card Industry (PCI).
As the compliance date set for June 30, 2007 has passed, thousands of companies have yet to show that they are in compliance with the Payment Card Industry Data Security Standard (PCI-DSS). The Payment Card Industry set that date as the deadline by which all organizations that store, process or transmit credit card payments were required to demonstrate compliance with PCI-DSS. Industry studies indicate that less than half of all affected businesses have met that deadline. For those institutions and others who are compliant, “Don’t automatically assume if you’re compliant with PCI that the institution you are in charge of is safe. If you’re compliant with PCI that does not automatically get you past the monsters of data leakage,” said David Taylor.