Contents tagged with PCI Security and Compliance

  • PCI labels any 'version of SSL' as unacceptable for data protection

    A new IT study finds that SSL is no longer an acceptable form of data protection.

    The PCI Security Standards Council is looking to revise its Data Security and Payment Application standards with its recent declaration that every version of the Secure Sockets Layer (SSL) certificate falls short of its cryptography requirements and is not a reliable form of data protection.

    The announcement was made following the publication of a new report by the National Institute of Standards and Technology, which determined that SSL v3.0 — the most recent version of the internet connection protocol — presented a number of "inherent weaknesses" that made it vulnerable to data theft and an unreliable benchmark of cyber protection. Not only does this finding mark a change of direction for PCI's own data security standards, but could have profound … more

  • PCI Report: Retailers affected by data breaches were not fully PCI-compliant at time of attack

    Not a single retailer affected by a data breach was maintaining full PCI compliance when the attack occurred.

    If the mandatory January 1 start date for PCI DSS 3.0 wasn't indication enough, 2015 is looking to be a major year for transforming PCI data security. At last month's National Retail Federation (NRF) convention, Verizon Enterprise Solutions offered attendees an advance look at their 2015 PCI Report, which revealed some troubling findings. One we've covered before on this blog was the gap between achieving PCI compliance and maintaining it. As we noted then, not even one-third of retailers across the country manage consistent PCI compliance. While they may reach compliance in time for their yearly audit, all too often the majority of retailers lag in their PCI responsibilities, significantly opening themselves up to the risk of a cyber attack.

    This was further corroborated by the Verizon … more

  • Homeland Security and PCI Council issue warning about 'GHOST' software vulnerability

    The PCI Council and Department of Homeland Security are warning merchants to take steps against GHOST.

    It's crucial that merchants take the utmost precautions in data security going forward. With cyber fraud becoming an increasingly prominent issue, staying on top of the latest threats and working to ensure that B2B ecommerce solutions are providing only the most secure payment options can make all the difference in protecting businesses' financial health. To that end, the PCI Security Standards Council (SSC) and Department of Homeland Security are urging companies to protect their systems from a newly discovered software vulnerability called "GHOST."

    According to the payment industry news source Payment Week, GHOST enables hackers to infiltrate affected systems to install malware, delete files and get their hands on sensitive credentials or financial data. To protect … more

  • 2015: A 'defining year' for PCI data security

    Government agencies and B2B buyers alike are looking to make PCI data security a greater priority this year.

    With cybersecurity attacks and data hacks turning millions more Americans into identity theft victims each year, companies and government agencies alike are stepping up efforts to broaden and strengthen their data protection in the coming year. 2014 saw one major corporate data breach occur after another, resulting in millions of stolen identities and billions in lost assets. President Barack Obama touched on the issue in last week's State of the Union address, calling for a renewed emphasis on data security in 2015 — an initiative that many B2B payers are already undertaking themselves.

    "The good news is we know what works and what doesn't," writes Stephen Orfei, general manager for the PCI Security Standards Council, on The Hill. "In recent years, we at PCI have not … more

  • Survey: Less than one-third of retailers engage in consistent PCI compliance

    Despite the increased risk of cyber fraud, less than 30 percent of retailers practice regular PCI compliance.

    With the ever-increasing risk of cyber fraud posing a threat to B2B and B2C merchants alike, maintaining PCI compliance is more important than ever. Unfortunately, only a minority of retailers manage consistent year-round compliance. In fact, the Verizon 2015 PCI Report found that as few as 28.6 percent of retailers — less than one-third — actually adhere to PCI compliance in between audits.

    "We see compliance going down day by day, month by month, after the assessment," Rodolphe Simonetti, Verizon's managing director for PCI compliance consulting, told CSO Online. "Compliance is supposed to be supporting security, not just a yearly checklist."

    Those assessments are carried out every year to test for 12 main criteria outlined by the Payment Card Industry Data … more

  • Are customers building faith in eCommerce transactions?

    You must be able to protect customer data regardless of the payment method used.

    The shift from traditional sales environments to eCommerce has accelerated in recent years, and the B2B sector has helped lead this charge. More B2B merchants have adopted the technology to meet the growing demands of their customers, but a lingering sentiment that eCommerce compromises security has prevented merchants from reaching complete adoption of the technology. That may be changing.

    In B2C industries like retail food and beverage, the thought that offline transactions are safer has been all but eradicated thanks to a series of high-profile security breaches over the past year. An article in the online publication Payments Source addressed this issue, and Shawn Budde, the article's author, says more people are realizing that eCommerce is simply safer than archaic offline … more

  • Payment tokenization to emerge as mainstream solution in 2015

    Tokenization is becoming an increasingly viable solution for those trying to protect customer data.

    PCI compliance has been a major concern of merchants in both the B2B and B2C sectors for some time. Today, merchants are increasingly seeking solutions to alleviate the risk of fraud, which has become a pressing issue following a number of high-profile security breaches in the past year. While most of the well-known incidents have taken place in the retail sector, merchants in all industries must be mindful of security concerns. This is why more merchants in industries such as B2B have begun to implement innovative solutions designed to protect customer data. 

    A PYMNTS.com article recently featured insights from 12 innovators in the payments industry. They all offered their thoughts on what will be the biggest trends in the coming year. Manny Ju, the director of strategic … more

  • How do you manage recurring B2B payments of varying amounts?

    Repeat payments can streamline B2B transactions while protecting customer data.

    Recurring billing is a helpful solution in the B2B space. As a merchant in this area, your goal typically is to develop long-term relationships with your customers as you provide services accompanied by monthly fees. Rather than going through the payment process every month with each of your customers that receive these services, recurring billing streamlines the process by allowing you to send automated invoices that reflect monthly charges.

    However, this is usually only effective if you are charging customers the same amount each month. But what if your services vary and you charge different amounts with each bill? In this case, repeat payments are an ideal solution.

    If your repeat customers have payment amounts or intervals that vary with each billing period, you can process repeat … more

  • The importance of protecting data throughout the eCommerce site

    Data must be protected throughout the eCommerce site.

    A successful eCommerce security solution does more than protect customer data at the end of the payment process. Merchants should let their customers know their information is safe throughout the procurement and checkout process. If a buyer feels their data is vulnerable, they will leave, which could end up happening long before they get to the checkout screen.

    Forbes recently listed six ways eCommerce businesses can improve the online checkout process. One of the key suggestions was to put security features everywhere. Deep security integration can improve the trustworthiness of your organization and the customer's online experience, and can help you close more sales.

    "A leading cause of abandonment is a distrust of payment security. The ecommerce world has been rocked by massive … more

  • Study: Roughly half of eCommerce sites lost customer data last year

    Roughly half of eCommerce sites have lost customer data.

    Customer information security is a very real concern, but it's often difficult to separate legitimate information from overblown rhetoric. It seems today's headlines are flooded with stories of customers having their private data stolen, but an increasing number of tech firms are focusing their efforts on electronic security — an attempt to alleviate the fears of wary customers. One study attempted to find the truth, and its discovery is one all online merchants need to be mindful of.

    The security firm Kaspersky conducted a global survey of IT professionals and discovered that half of eCommerce sites reported losing data in the past year. This doesn't necessarily mean that all lost information was stolen by cybercriminals with malicious intentions, but it does speak to the … more