Blog Posts Tagged with "PCI"


Webcast: Enterprise Security Trends To Watch For In 2015

February 12, 2015 Added by: InfosecIsland News

Please join Virtustream and SecurityWeek on Wednesday, Feb. 18th at 1PM ET for a live webcast on enterprise security trends.

Comments  (4)


New PoS Malware Used to Target Interactive Kiosks

November 27, 2014 Added by: Eduard Kovacs

A new piece of malware designed to steal data from point-of-sale (PoS) terminals has been found on electronic kiosks, including on public transport ticket vending machines, IntelCrawler reported on Wednesday.

Comments  (2)


What to Expect When You're NOT Expecting: 7 Steps of a Professional Forensic Investigator

October 02, 2013 Added by: Stephen Marchewitz

A brief understanding of the process, time and overall cost of a Card Holder Data. All information contained in this article is for the purposes of awareness and education. If you have experienced a breach, contact a PFI company immediately.

Comments  (0)


Passing the New Guidelines on PCI Risk Assessments

March 07, 2013 Added by: Stephen Marchewitz

While PCI DSS compliance has been a requirement for several years now, it’s been fairly subjective as to what a compliant program looks like and how an organization actually goes about it. While that can still look to be the case, here are a few things to consider.

Comments  (0)


Third Party Service Providers and PCI Compliance

September 25, 2012 Added by: PCI Guru

If a third party is providing your organization a service that has access to your cardholder data environment (CDE) or the third party could come into contact with your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements...

Comments  (3)


Pre-Authorization Data: The Definitive Answer

September 03, 2012 Added by: PCI Guru

Just to be clear, I have never argued that pre-authorization data was not to be secured with the same diligence as post-authorization data. I just could not find anything in the PCI DSS that explicitly called out the coverage of pre-authorization data.

Comments  (0)


Wanna Buy Some Dumps?

July 07, 2012 Added by: Robert Siciliano

“Dumps” are batches of stolen credit card numbers. This example of a criminal’s sales pitch for stolen dumps came to me through a comment on a blog post I wrote about credit card security. Go figure. If you scan the following message line by line, you’ll see there’s a great deal of thought put into the pitch...

Comments  (13)


More on PCI Scoping

June 22, 2012 Added by: PCI Guru

“At least annually and prior to the annual assessment, the assessed entity should confirm the accuracy of their PCI DSS scope by identifying all locations and flows of cardholder data and ensuring they are included in the PCI DSS scope”...

Comments  (1)


Close Encounters of the Third (Party) Kind...

June 06, 2012 Added by: Neira Jones

There are numerous third parties and cloud providers around. A few have already achieved a dominant position, but a recent article highlighted that "others have opportunities to get into the act by offering more security and protection". So there you are, security can be a unique selling proposition...

Comments  (0)


Building an AppSec Training Program for Development Teams

March 07, 2012 Added by: Fergal Glynn

A holistic application security approach that includes integrating developer training with static analysis and advanced remediation techniques will help reduce overall risk across your enterprise application portfolio and will strengthen your security program...

Comments  (0)


Remember, Security Predictions Make...

February 15, 2012 Added by: Wendy Nather

Security predictions can be a great way of starting conversations if you look at them the right way. If you look at them the wrong way, they're great for raising a huge chorus of "Nuh-UH!" or even "You're kidding, right? Call the coroner..."

Comments  (0)


Cyber Crime Creates More Victims Per Hour than Babies Born

December 10, 2011 Added by: Kelly Colgan

As more shoppers turn to their laptops, iPads and mobile phones to get items crossed off their list, thieves are on the prowl to hack into systems to obtain customer information – email addresses, passwords, credit card data, PayPal account info, etc...

Comments  (0)


Controls Have to be Executed Perfectly Every Day

December 04, 2011 Added by: PCI Guru

Security is not perfect, and controls have to be executed perfectly every day, every year - else that is where things always go awry. If you execute controls consistently, your organization should be very difficult to compromise and the bad guys will find an easier target...

Comments  (0)


e-Commerce Risks for Cyber Monday and the Holidays

November 28, 2011 Added by: John Nicholson

To deal with the potential volume, they can turn to cloud-based services to add capacity and prevent the site from crashing, but as we'll discuss below, the availability commitments made by many cloud services create their own risks...

Comments  (0)


Affiliate Marketing Scam

November 21, 2011 Added by: Mark Baldwin

Just about every adult website has an affiliate program and it is not uncommon for scammers to look for ways to take advantage of these programs. I was recently informed by a large payment gateway operator of a scam that is currently in operation. Here is how it works...

Comments  (2)


The Evolution of Online Fraud Prevention

October 27, 2011 Added by: Robert Siciliano

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them. Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation...

Comments  (0)
