You are viewing 'PCI Compliance'
Additional 24 months allowed for compliance
In April 2015, the Payment Card Industry Security Standards Council (PCI SSC) released version 3.1 of the PCI Data Security Standard (PCI DSS), only four months after version 3.0 went into full effect. The most important changes are in the communications protocols SSL (all versions) and TLS (version 1.0). These protocols are now considered insecure. They are vulnerable to well-known exploits such as Heartbleed and POODLE.
The PCI deadline for migrating to newer, more secure protocols was originally June 2016. This gave organizations 14 months to address the changes. The generous schedule was an acknowledgement of real-world staffing and budget concerns, despite the fact that the... read more >
12th Consecutive Year as an ASV
Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor prior to the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because is it the right thing to do and it will make our client’s lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but we completed it using two separate unique platforms to give clients the flexibility of using different scan platforms. Sometimes you need a hammer, sometimes you need a... read more >
Compliance doesn’t equal security
Security enables the continued success of any compliance program, not the other way around. If an organization chooses to do the bare minimum for security, then they should (in theory) expect a maximal impact as a result of a breach.
Take a moment and think about 2014, “The Year of the Data Breach.” It is highly unlikely that the information security (IS) and information technology (IT) teams in each of the major 2014 breaches were not aware of the vulnerabilities or the poor security architecture. However, was management aware of these vulnerabilities? And if so, what mitigation action did they take to correct those vulnerabilities?
It is crazy to me, as an information security manager at Solutionary, that an organization will wait for a catastrophic event or a third-party review before... read more >
Developing Policy, Training Employees and Ensuring Compliance
Last weeks’ post, Lobby Security and Beyond – Week 6 of 7: Utilizing Signage Effectively, offered guidance on how to use signage as a communication tool. This final blog in the seven week Lobby Security blog series, covers the importance of defining and publishing policies, providing training to employees and ensuring compliance.Policy
It is very important to develop policies regarding the physical security measures you implement. These policies will help to define your security standards, and ultimately integrate with your overall security plan. Once you define your policies, be sure to get executive sponsorship for those policies, and then publish and communicate the policies to the organization.
Two items not... read more >
Protecting Credit Card Data and Meeting PCI DSS Requirements
Have you ever walked into a grocery store and found the milk on a shelf next to the mustard? Or while walking the seemingly endless aisles of a supermarket and seen the ice cream next to ice scrapers?
Unless some mischievous kids were having fun, the answer is “of course not.” There's an almost perfect order to the retail store layout, even if it is a bit overwhelming.
Does this look like segmentation?
Not only are the dairy products kept in a somewhat contained area, they are also refrigerated and protected. Do you think it's a coincidence that high-value items like jewelry and electronics are in central locations with lots of lights and minimal visual barriers?
Of course not.
This is done by design. These valuable items are prone to theft so they require an elevated level of visibility and additional protection to safeguard them. Many items are locked away and can only be accessed by... read more >