• PCI security standard remains solid, chief says

    Posted February 5, 2014 - 12:40 pm

    The head of the organization in charge of maintaining security controls over credit card transactions insisted Monday that its standards remain solid despite the concerns raised by data breaches at Target and other companies.
  • 5 things you need to know about new Payment Card Industry (PCI 3.0) standard

    Posted November 7, 2013 - 12:17 pm

    There's a new version of the Payment Card Industry standard for network security -- PCI 3.0 – out today from the group overseeing its publication, the PCI Security Standards Council.
  • Forthcoming PCI changes will bring challenges for payment card network community

    Posted October 1, 2013 - 3:48 pm

    Organizations that make use of SSH keys for secure access to servers should be aware that they may need to make some changes soon when it comes to managing any of their networks related to payment-card processing, according to the CEO of SSH Communications security, Tatu Ylonen.
  • Download the PCI Compliance Deep Dive report

    Posted February 8, 2013 - 12:48 pm

    Compared with other regulations, the PCI standard makes specific and productive recommendations -- and fines for noncompliance are common. Here's how to make sure you're implementing this security standard properly
  • Changes to PCI rules: What you need to know

    Posted June 28, 2012 - 3:04 pm

    The Payment Card Industry (PCI) rules related to the security of customer card information play a big role in network design, and with some updated modifications to the PCI Data Security Standards (DSS) 2.0 guidelines kicking in at the end of the month, here's what you need to know.
  • Can virtual machine and cloud systems secure PCI payment card data?

    Posted June 14, 2011 - 6:42 am

    Can sensitive payment card data be processed and held in virtual-machine (VM) systems or cloud-computing environments?
  • Survey on PCI: How it's impacting network security

    Posted January 12, 2011 - 12:09 pm

    A survey of 500 information technology professionals with responsibility to assure compliance with the Payment Card Industry (PCI) security standard shows just over half find it "burdensome but necessary" in their organizations and about a third see it impacting their virtualized network environments in particular in the future.
  • PCI security group speaks out on encryption

    Posted October 5, 2010 - 4:36 pm

    The organization in charge of defining security for the payment-card industry's merchants and service providers Tuesday issued two guidance papers, the first on end-to-end encryption and the second on payment card technology used more commonly in Europe than the United States.
  • What's wrong with the PCI security standard

    Posted April 29, 2010 - 9:15 pm

    The security standard used to protect credit cards isn't up to the task and upgrades that are planned for this fall do virtually nothing to improve it, a security expert told Interop attendees this week.
  • End-to-End Encryption: The PCI Security Holy Grail

    Posted September 10, 2009 - 3:45 pm

    Many of the data breaches of the past few years could have turned into non-incidents if the data had been encrypted.
  • 4 Ways to Get the Most from Your PCI QSAs

    Posted September 10, 2009 - 8:43 am

    CSOonline polled security experts who have performed and received assessments in an effort to create a brief checklist for getting the company-QSA relationship off to the best possible start. Here are four key suggestions:
  • PCI security rules may require reinforcements

    Posted April 13, 2009 - 3:06 pm

    The PCI standard, long touted as one of the private sector's strongest attempts to regulate itself on IT security, is increasingly being slammed by critics who claim that the rules aren't doing enough to protect credit and debit card data.
  • Visa pilots new payment card security initiatives

    Posted March 19, 2009 - 9:22 pm

    Acknowledging the need for controls that go beyond those offered by the Payment Card Industry (PCI) Data Security Standard, a senior Visa Inc. executive Thursday described two new initiatives to reduce payment card fraud being tested by the company.
  • Security Headlines from 2008: The Year In Review

    Posted December 22, 2008 - 11:02 am

    Thank goodness I'm not a gossip columnist! Those guys have to deal (sort of) with the world as it is, rather than as it should be. Here, I get to decide what should have been news-worthy (but wasn't) or to rewrite history a little bit based upon the impact of tiny little events that everyone overlooked. Better still, I get to point and say "you should overlook that one!" Without further ado, then, here are some of the important stories from 2008:
  • Complying with payment card security requirements

    Posted December 9, 2008 - 3:02 pm

  • Credit Cards at McDonald's

    Posted November 8, 2008 - 2:51 am

    One of the more interesting doom and gloom stories I've seen recently is from John Mauldin's Thoughts From the Frontline newsletter. He says McDonald's is now the second largest merchant card processor. Does that mean we're paying for our cheap fast food at 29 percent interest rates?
  • Compliance or Security?

    Posted October 15, 2008 - 10:52 pm

    My friend Jesper Jurcenoks, CTO of NetVigilance, a firm that provides network vulnerability testing products, keeps me up to date on all the doings with various PCI (Payment Card Industry) security doings. At a recent PCI conference, JJ (easier than saying Jesper Jurcenoks, and a nickname he provides), heard a line in passing he wishes he came up with. I think I'll steal it from him.
Join us:






Join today!

See more content
Ask a Question