PCI DSS guideline on Wireless Network

The PCI Council published the guideline prepared by the PCI SSC Wireless Special Interest Group (SIG) Implementation Team, named the PCI DSS Wireless Guideline (Information Supplement), to address wireless security in the cardholder data environment (CDE): https://www.pcisecuritystandards.org/pdfs/PCI_DSS_Wireless_Guidelines.pdf This guideline came out 4 years after the security incident (TJ…

PCI SSC Guidance for Merchants on PCI DSS

The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today released a new resource to promote card data security through adoption…

PCI DSS compliance and Password policy

Usernames and passwords are still the major method of authenticating users to systems. It would be difficult to find someone without a username and password in the workplace. In addition, personal usernames and passwords often come into the picture when people access various websites and private email. Proper use…

Cloud solutions & PCI DSS Compliance

Businesses are increasing their dependence on cloud computing solutions. PCI DSS compliance is often a concern for many organizations when considering cloud or virtualized solutions. As mentioned in one of my earlier posts, if you do not store cardholder data in a public cloud, then it is possible to reach compliance…

How to be PCI compliant – small merchants

PCI DSS compliance is a very hot topic these days. With the number of card data leakage incidents, every organization which cares about its reputation wants to know how to be PCI compliant. A few days back someone asked me about it again: how to be PCI compliant? My first answer…

PCI DSS & Network Devices

PCI DSS requirements say many things about network security to keep cardholder data safe and protected when it is stored, transmitted and processed. How can we achieve the maximum level of security through network devices? The PCI DSS requirements talk about installation and maintenance of infrastructure devices like firewalls,…

Who should be PCI Compliant

It is often asked whether a given organization should be PCI compliant. Many conferences include a discussion around the topic of who should be PCI compliant. PCI DSS is applicable to all organizations that store, process or transmit account data. An extract from the PCI standard tells us that the account data…

Outsourcing the payment card related activities

Many organizations outsource their work to third parties to meet their business objectives. The objectives vary from simple low-cost labour to risk management practices. Some organizations outsource part of their work while others outsource a major chunk of it. In this essay, I will be covering some aspects…

PCI DSS History

PCI DSS originally began as five different security programs by five different card companies: the Visa Card Information Security Program (CISP), MasterCard Site Data Protection, the American Express Data Security Operating Policy, Discover Information and Compliance, and the JCB Data Security Program. Each of these companies intended to create an additional level of protection…