Have you ever heard of the supplementary validation for designated entities (a.k.a DESV)? If not, you should be happy. According to the Council’s FAQ for designated entities, “A Designated Entity is determined by an Acquirer or Payment Brand as an organization that requires additional validation to existing PCI DSS requirements. “ Organizations that view PCI…
The PCI Guru has an article about an issue with PCI DSS requirement 2.3.b https://pciguru.wordpress.com/2017/06/09/we-need-a-change-to-2-3-b/ Reminder of what 2.3.b is about: 2.3.b Review services and parameter files on systems to determine that Telnet and other insecure remote-login commands are not available for non-console access. And the guidance for 2.3 is: If non-console (including remote) administration…
Do you just click on anything in your inbox? Tsk. If so, here is a clickable ad for you:
This is an article based on old (2011) data. I used to have a post about it, but I think I lost it during a hosting provider changeover so I am going to rewrite it here referencing the old data for now. In April 2011, Ponemon (and Imperva) published the results of a study…
Today’s press release from the council announced efforts towards easing the resource constraints felt by QSA Companies. The PCI SSC is developing the Associate QSA certification with the goal of attracting new cyber talent to the program and easing the resource constraints felt by QSA Companies. This project is a first step in a phased…
The countdown is on for IATA Accredited Agents to be Payment Card Industry (PCI) Data Security Standard (DSS) compliant by June 1, 2017 IATA has issued the deadline to reduce the risks associated with payment card transactions and potential data breaches and made PCI DSS compliance a mandatory condition to obtain and retain accreditation as an…
The Register has a story about a breach at cloudy service supplier Aptos. Aptos has several cloud services. POS in the cloud. Ecommerce in the cloud (didn’t see that one coming!). etc. The timeline of what happened is: Feb 2016 – There was a breach and malware installed in the cloud. Nov 2016 – Aptos…
Best Practices for Securing eCommerce Information Supplement is a great doc full of comprehensive info! The objective of this information supplement is to update and replace the PCI DSS E-commerce Guidelines published in 2013. Its a comprehensive 64 page document. Useful info for anyone who does or is considering e-commerce. A couple of the tidbits…
It seems like PCI Assessments and large SharePoint file repositories go hand in hand. I am sure we have all learned a SharePoint trick or two like: How to open SharePoint sites in file explorer for easy file manipulation. Mapping a drive to a SharePoint site. Using Microsoft’s agent to synch a SharePoint site locally.…
A significant change triggers several required action for PCI DSS compliance. PCI DSS Requirement Annual Significant Change 6.6 • Web application vulnerability security assessments, AND/OR • Automated technical solution that detects and prevents web-based attacks, such as web application firewalls. Include tests for the vulnerabilities in 6.5.1 to 5.5.10 YES YES 11.2 internal and…