The majority of retailers accepting credit cards are still vulnerable to the newest threat to accepting credit cards from consumers. Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sales (POS) systems PoSeidon.
New research shows 61% of businesses store the unencrypted 16-digit sequence on the front of credit cards, also known as the Primary Account Number (PAN). Also, EMV-enabled payment terminals can still be used to make a payment transaction using an optional mag stripe swipe process, which means there’s still an opportunity for misconfigured software to inadvertently capture and store full track data.
Catching payment card data breaches in advance is a daunting task. However, TX-based iScan Online unveiled the worldwide availability of Data Breach Analytics.
CDNetworks has received PCI-DSS certification renewal and meets the Business Associate requirements for HIPAA Privacy Rule compliance. CDNetworks’ Dynamic Network Acceleration adheres to the technical requirements of the PCI standards regarding system- and application-level policies that include log data centralization, monitoring, and reporting for security and audit purposes. HIPAA stands for Health Insurance Portability and Accountability Act and was enacted as a standard for protecting healthcare patient data on the internet. CDNetworks meets the HIPAA Privacy Rule standards, including risk assessment and documentation, encryption, and audit controls.
Financial Transaction Services (FTS), a full-service provider of electronic transaction processing services, has selected Trustwave to provide PCI DSS compliance validation solutions for its merchants. FTS engaged Trustwave to provide its merchants with access to TrustKeeper(R) PCI Manager, Trustwave’s innovative security and compliance cloud portal. TrustKeeper PCI Manager simplifies merchants’ compliance efforts including moving merchants through the complex compliance process with greater ease and efficiency by making the tasks achievable for non-technical users. This helps facilitate PCI DSS compliance validation for merchants or acquirers, independent services organizations (ISOs), and processors with large merchant populations.
YESpay now offers Point-to-Point Encryption – the latest technology that allows simple and secure payments through credit/debit cards at retail outlets while de-scoping PCI-DSS (payment card industry data security standard) certification process. This is achieved by simplifying the validation process by encrypting cardholder data at the time it enters a PINPAD/PED payment system and transporting…
Quarri Technologies security software company announced Move With Us real estate agency network selected its “On Q” (POQ) to achieve compliance with the PCI DSS. Move With Us requires customer credit card information, which is entered and processed through a web-based application. Quarri POQ helps organizations achieve and maintain PCI compliance by addressing a variety of PCI DSS issues that have been historically difficult to solve, such as data encryption, malware effectiveness and application security.
Research is now showing 71% of merchants store unencrypted payment card data in 2011, 8% higher than in 2010. This, according to SecurityMetrics merchant data security, also shows over 370 million unencrypted cards on various-sized business and home networks, with the largest amount of payment cards discovered in a single network scan at over 96 million. Merchants who store unencrypted payment card data directly violate PCI DSS requirements and may be subject to fines and other penalties after a compromise. The discovery of unprotected cardholder data may indicate a number of factors, including an improperly designed or configured payment application, a non-PCI compliant payment application or improper card handling by employees.
Trustwave information security and compliance solutions announced its “TrustKeeper” cloud-based security and compliance portal, has been named one of the 2011 Chicago Innovation Awards winners. The Chicago Innovation Awards recognition of innovative products or services hosted more than 400 nominees, up more than 60% over the past two years. The “TrustKeeper” Web portal supports merchants’ compliance efforts. This helps facilitate compliance validation with PCI DSS for merchants, or acquiring banks, Independent Sales Organizations (ISOs) and processors with large merchant populations.
DataMotion email encryption and workflow solutions announced its SecureMail technology is now available for state and local government agencies that need to exchange, track and report sensitive information quickly and securely with other agencies, municipalities and private citizens. The agency turned to DataMotion SecureMail to enable secure electronic delivery of the reports, significantly reducing the cost of production. The cost-effective service works with legacy systems to protect messages sent between state and local government agencies, affiliated organizations and their citizens.
Ground Labs developer of security and auditing software solutions for the payment card industry, will be a sponsor of this year’s PCI SSC European Community Meeting. The PCI SSC Community Meetings provide an opportunity for industry stakeholders to learn from each other’s experience working with the PCI DSS. Participants also have opportunities to raise new ideas for future versions of the Standards and learn about best practices for protecting cardholder data as they interact with solution vendors and other service providers in the industry. Singapore-based Ground Labs is one of the international sponsors of the upcoming Community Meeting. The company’s flagship products, Card Recon and Enterprise Recon, perform cardholder data discovery to assist companies in identifying storage risks and help prevent security breaches that result in the theft of customers’ credit and debit card numbers.
DataMotion secure email encryption solutions is offering new customers its “SecureMail” technology free for a month. Allowing organizations meet regulatory compliance requirements, reduce costs and provide better service to their customers, “SecureMail” email users can send confidential business information such as documents, files or images to anyone over the Internet in a completely safe manner. By leveraging a company’s existing messaging infrastructure, middleware and applications, DataMotion empowers companies to work securely outside their already established, closed network.