The PCI Security Standards Council has issued version 3.2 of the PCI-Data Security Standard (PCI-DSS). In a significant policy shift, the council also announced that future revisions to the standard will be issued more frequently than the 3-year major update cycle of the past. Primary changes include a new multifactor authentication requirement for those with access to [...]
Yesterday's report of a massive data breach involving nearly half of the citizens of Turkey is the latest in a series of hacks designed to make a political or philosophical point. In this case, the hacker (or "hacktivist") apparently had a beef with the Turkish government, although financial gain may also have been an objective. While the [...]
The FTC has questions about how PCI-DSS Qualified Security Assessors (QSAs) conduct their audits and recently ordered itself to study the issue. Merchants and service providers whose processing volume exceeds established volume thresholds are required to use a QSA to assess PCI compliance. The FTC wants to know (among other things) whether QSAs are allowing clients to remedy potential PCI issues before their [...]
