PCI Data Security Standard 3.2 introduces new authentication, testing and policy requirements

The PCI Security Standards Council has issued version 3.2 of the PCI Data Security Standard (PCI-DSS). In a significant policy shift, the council also announced that future revisions to the standard will be issued more frequently than the 3-year major update cycle of the past. Primary changes include a new multifactor authentication requirement for those with access to [...]

April 30th, 2016 | PCI-DSS

Massive Turkey data breach affects nearly half of its citizens, is nearly double the size of the 2015 U.S. OPM breach

Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point. In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective. While the [...]

April 6th, 2016 | data breach, data security, EMV, PCI-DSS

You can’t make this up: FTC wants to know whether assessors are helping clients achieve PCI-DSS compliance

The FTC has questions about how PCI-DSS Qualified Security Assessors (QSAs) conduct their audits and recently ordered itself to study the issue. Merchants and service providers whose processing volume exceeds established volume thresholds are required to use a QSA to assess PCI compliance. The FTC wants to know (among other things) whether QSAs are allowing clients to remedy potential PCI issues before their [...]

March 11th, 2016 | CFPB, data security, FTC, PCI-DSS