SBI Card, MasterCard and Collinson announced that the LoungeKey™ airport lounge program, which offers access to lounges at over 500 airports in over 100 countries, will be added as a new feature for the SBI Platinum Card and SBI World Card from October 1st.
Unity Bank plc has recorded a 1Q/14 26% profit before tax from the year ago period, corresponding with its mandatory annual re-certification of its PCIDSS. The bank also received its Report on Compliance (RoC) from the external Qualified Security Assessor (QSA), NetHost Legislation Ltd. This is in line with the directive from the Central Bank of Nigeria that all banks must achieve certification to the PCI standards, Unity Bank had successfully attained its certification on April 5, ahead of almost three-quarter of the banks in the country and is among the first to complete its annual recertification. The bank has also disclosed that to ensure that it continues to maintain its high security standards for the protection of card-holder data and card production environments, it is putting resources in place to train its own team of Internal Security Assessors (ISAs) to lead future recertification exercises and work with external Qualified Security Assessors (QSAs) to obtain RoC.
SureCloud added new features and functionality to its cloud-based GRC platform in readiness for the new PCI DSS 3.0 compliance standard. PCI DSS is the recognised compliance standard governing how credit card data is handled and version 3.0, published on 7 November, tightens up a number of areas that have been responsible for some merchants misinterpreting or potentially manipulating the standard’s real intention. To help merchants migrate easily from version 2.0 to version 3.0, the SureCloud platform has built-in assistance that automates the process in Asset inventory; 3rd party assurance; Penetration test management; and future-proofing for new versions of the PCI DSS.
The PCI Security Standards Council (PCI SSC) published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS). Available now on the PCI SSC website, version 3.0 becomes effective on 01 January 2014. Version 2.0 will remain active until 31 December 2014 to ensure adequate time for organizations to make the transition. Changes are made to the standards every three years, based on feedback from the Council’s global constituents per the PCI DSS and PA-DSS development lifecycle and in response to market needs. Proposed changes for version 3.0 were shared publicly in August, and Participating Organizations and assessors had the opportunity to discuss the draft standards at the 2013 Community Meetings prior to final publication.
The PCI Security Standards Council (PCI SSC), an open, global forum for the development of payment card security standards, published version 3.0 of the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS). Available now on the PCI SSC website, version 3.0 becomes effective on 01 January 2014. Version 2.0 will remain active until 31 December 2014 to ensure adequate time for organizations to make the transition. Changes are made to the standards every three years, based on feedback from the Council’s global constituents per the PCI DSS and PA-DSS development lifecycle and in response to market needs. Proposed changes for version 3.0 were shared publicly in August, and Participating Organizations and assessors had the opportunity to discuss the draft standards at the 2013 Community Meetings prior to final publication.
Over 500 global stakeholders in the PCI are set to attend the annual PCI Security Standards Council (SSC) European Community Meeting. Ground Labs, the leaders in cardholder data discovery software for PCI compliance, is supporting this year’s event in Nice, France and will participate in the Vendor Showcase. The PCI SSC Community Meetings provide an opportunity for SSC members to learn from each other’s experiences implementing the PCI Data Security Standards (PCI DSS) and in particular, provide feedback on the latest draft standard PCI DSS v3.0. Participants also have opportunities to make suggestions for improvements to the Standard and learn about best practices for protecting cardholder data as they interact with other industry stakeholders. The Vendor Showcase will present an opportunity for participants to interact with a broad variety of vendors servicing the payment card industry and learn about their important work in the field of cardholder data security.
The PCI Security Standards Council (PCI SSC) Participating Organizations selected cloud computing as a key area to address via the SIG process. More than 100 global organizations representing banks, merchants, security assessors and technology vendors collaborated on this guidance designed to help companies identify and address the security challenges for different cloud architectures and models, and understand their PCI DSS responsibilities when implementing these solutions. The PCI DSS Cloud Computing Guidelines Information Supplement builds on the work of the 2011 Virtualization SIG, while leveraging other industry standards to provide guidance on Cloud Overview, PCI DSS Considerations and PCI DSS Compliance Challenges, along with Additional Security Considerations.
Acumera Trusted Connection Services for convenience stores launched its PCI Audit Support to accelerate PCI compliance audits as part of Acumera’s PCI Tools solution. Acumera’s PCI Tools include automated external vulnerability scans with historical archiving, logging of PCI-related events, dynamically generated site network diagrams and clear identification of non-PCI payment application devices in the cardholder data environment. Acumera has completed its own PCI DSS compliance assessment and obtained an annual report on compliance (ROC), becoming a fully compliant service provider. Coalfire, a Qualified Security Assessor (QSA) firm, successfully completed the testing and controls validation of Acumera as a network and security service provider.
Etisalat has upgraded its PCI DSS certification for the Etisalat Payment Gateway. Etisalat’s Payment Gateway infrastructure was assessed by Paladion, the Qualified Security Assessor (QSA), recognized by PCI Security Standard Council. Paladion certified Etisalat’s compliance with PCI-DSS V2.0 as a payment service provider. Etisalat Payment Gateway is one of the first eCommerce Payment Service Providers in the region to have acquired PCI-DSS 2.0. Paladion worked closely with Etisalat to implement practical and cost effective solutions and processes to ensure 100 per cent compliance to the standard. This achievement clearly distinguishes Etisalat from its competitors and ensures the organization remains the best payment services option for its customers and end-users.
The PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), announced keynotes speakers for the Council’s Asia Pacific event in Singapore on Thursday, June 14 at the…
Foregenix has become one of the first Qualified Security Assessors (QSA) globally to be accredited by the PCI SSC as having the necessary skills and experience to guide and assess payment applications against its Point-to-Point-Encryption (P2PE) standards. The P2PE standard defines the requirements for Point-to-Point Encryption solutions, with the goal of significantly reducing the scope of PCI DSS assessments for merchants that use them. P2PE solutions focus on ensuring cardholder data is secured from the point of transaction all the way to the processor. Merchants who accept credit card transactions via P2PE approved solutions can significantly reduce the costs and risks associated with cardholder data and PCI DSS compliance.
Mike Isbister, a senior security consultant with Confide, is now Qualified Security Assessor (QSA) certified from the Payment Card Industry Security Standards Council and qualified to audit merchants for PCI DSS Compliance. Mike has a BSc (Hons) in computer science from Victoria University of Wellington and joined Confide last year as a senior security consultant. Confide is a Wellington-based company providing specialist assistance, advice and solutions to help merchants comply with PCI DSS.