The National Association of Federal Credit Unions (NAFCU) says the transition to EMV cards is an important step in the process of data security, but it is not a silver bullet. Last week the FBI also reinforced that EMV will help reduce counterfeit cards, but until PINs are used at the POS, fraud will continue.
Community banks reissued nearly 7.5 million credit and debit cards at a total reissuance cost of more than $90 million as a result of the Home Depot data breach.
Varolii Corporation achieved its annual recertification of Level 1 PCI DSS compliance. With this annual recertification, Varolii maintains its standing as the first and only U.S. company in the Software-as-a-Service customer interaction management industry to meet PCI DSS, ISO 27001 certification, Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) compliance. Fortune 1000 companies, including two of the three largest U.S. banks, three of the five largest health management companies, five of the top 10 airlines and 30 of the largest U.S. utilities, rely on Varolii to generate nearly one billion interactive, secure communications each year. Of these, more than half include sensitive healthcare or financial data. In fact, on a typical day Varolii communicates with consumers regarding payments totaling more than $12 billion in accounts receivable.
DANTOM Systems is pleased to announce the achievement of its annual recertification of PCI DSS Level 1, version 2.0 compliance. PCI DSS Level 1 certification is required for organizations processing over six million payment transactions annually. In addition to achieving PCI DSS Level 1, DANTOM also was recertified as complying with the following laws, regulations…
SoundBite Communications achieved its annual re-certification as a Level 1 Service Provider compliant with the PCI-DSS. SoundBite’s Level 1 PCI re-certification underscores the company’s commitment to information security and solidifies its reputation as an industry leader. This is the fourth consecutive year that SoundBite has achieved Level 1 certification for all sites. Earlier this year SoundBite had expanded its certification to include its London-area datacenter and UK-based operations.
Varolii Corporation's personalized SMS, voice and email customer communications achieved ISO 27001 certification, the internationally recognized Information Security Management System (ISMS) standard. Varolii now meets ISO 27001 certification, Payment Card Industry Data Security Specification (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) compliance. ISO 27001 (ISO/IEC 27001) is the most rigorous global security standard that sets out requirements for an Information Security Management System. Varolii ensures client data protection while securely delivering more than five billion intelligent, personalized communications to consumers and employees on behalf of Fortune 1000 companies.
Coalfire released its “Navis Lighthouse,” offering a secure, solid-state device that continuously gathers control evidence and enables security professionals to manage compliance in real time. Lighthouse is included at no extra charge with a subscription to any of Coalfire’s Navis solutions. It enables customers to self-assess against PCI DSS, HIPAA/HITECH, GLBA/FFIEC and FISMA control requirements using the same kind of evidence that was previously gathered only in on-site, auditor-led tests. Navis is Coalfire’s trademarked suite of Governance, Risk and Compliance tools and is used by hundreds of Coalfire clients in retail, financial services, state and local government, technology, healthcare, and utilities.
Merchant Link “TransactionShield” and “TransactionVault” solutions can significantly reduce merchants’ PCI DSS scope, according to an independent security assessment released by Coalfire Systems. The Payment Card Industry (PCI) Qualified Security Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) company validated Merchant Link’s “TransactionShield” point-to-point encryption (P2PE) solution that ensures that customer data is secure from the moment their credit card is swiped, which removes customer credit card data from where it would be at risk from hackers to Merchant Link’s hosted vault. TransactionVault can eliminate post-authorization storage of cardholder data from a merchant’s network by storing it in Merchant Link’s PCI DSS compliant data centers.
Helping small and medium-sized businesses ensure adequate defenses are in place, Coalfire Systems released its “Navis PCI Complete” online, fixed-price service that bundles together all the testing, documentation and reporting tools needed to achieve compliance with PCI DSS. The “Navis PCI Complete” lends Coalfire tools and expertise in an online toolkit and support program that provides small and medium-sized merchants with the education, tools, recommendations and assistance to ensure PCI DSS compliance. This includes assistance documenting card-processing technologies and networks; help identifying compliance gaps, selecting controls and prioritizing; external vulnerability scans; internal vulnerability scans; tools to document, print and submit a SAQ to a merchant’s bank or processor; and $50,000 of data breach insurance for each registered Merchant ID.
Coalfire Systems (Coalfire) released its “Navis PCI Complete” online, fixed-price service that bundles together all the testing, documentation and reporting tools needed to achieve PCI DSS compliance. Encouraging merchants to vigilantly protect against continuously evolving cyber threats, “Navis PCI Complete” packages its tools and expertise into an online toolkit and support program that provides small and medium-sized merchants with the education, tools, recommendations and assistance they need to de-mystify the PCI DSS and protect their businesses. It is specifically configured for merchants who process fewer than six million credit card transactions annually (PCI Merchant Level 2, 3 or 4) and are seeking to complete an annual test plan to validate PCI compliance. Included is assistance documenting card-processing technologies and networks; identifying compliance gaps, selecting controls and prioritizing; external vulnerability scans; and internal vulnerability scans.
Zix Corporation (ZixCorp) email encryption services have been recognized as compliant with PCI DSS, having achieved the highest standard with Level 1 compliance based on DSS version 2.0. Now companies transmitting payment card information to individual customers or other businesses via “ZixPort” can be confident that they are adhering to the financial industry’s highest standards for data privacy and security. Using ZixPort can help senders to comply with financial privacy regulations, such as the Gramm-Leach-Bliley Act. Accretive Solutions is a national consulting firm and a recognized PCI DSS auditor. Accretive Solutions reviewed ZixCorp’s application for compliance and approved ZixCorp’s letter of attestation of compliance assessments for service providers.
The Phoenix NAP datacenter and network access point is now a SAS 70 Type II certified facility, following the completion of an audit by independent agency Security and Control LLC. The SAS 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) that measures service organizations’ controls and safeguards. The datacenter maintains its status as a PCI DSS Validated Services Provider after Coalfire Systems completed its independent audit. Phoenix NAP is listed on the Global List of PCI DSS Validated Entities and has been deemed to be HIPAA compliant.