Most Active Articles 2009-11-25T15:48:42.602-05:00 Business Exchange Business_Exchange@businessweek.com urn:com:businessweek:bx:topic:most-active:pci-compliance R Young ryoung533 urn:com:businessweek:bx:article:18056389263545064404-eae96a8917e7545deab8e2f95b66ff39 2009-10-29T06:22:58.909-04:00

I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons…

I recently saw an article entitled Compliance is the New Security Standard. The basic thesis of the blog post was that since companies have to spend money on compliance, they might as well spend the money once and rename the effort “security”. This is an interesting notion – although perhaps “placebo security” might be a cheaper approach. Compliance is not equivalent to security for several fundamental reasons… http://information-security-resources.com/2009/10/28/pci-compliance-does-not-equal-security/ Anthony M. Freed afreed536 1 0 0 1 urn:com:businessweek:bx:article:162071516425096648-aa003ed08af5b0df167f57d6314efb74 2009-03-17T01:33:00.000-04:00

Posted by Tom Espiner Payments giant Visa has withdrawn PCI DSS compliance from RBS WorldPay and Heartland Payment Systems, following massive data breaches. Visa administers the Payments Card Industry Data Security Standard (PCI DSS), which organisations

Posted by Tom Espiner Payments giant Visa has withdrawn PCI DSS compliance from RBS WorldPay and Heartland Payment Systems, following massive data breaches. Visa administers the Payments Card Industry Data Security Standard (PCI DSS), which organisations http://c.moreover.com/click/here.pl?r1873070417&f=9791 34 34 0 0 urn:com:businessweek:bx:article:18296387846821956162-f4ad2e800377e28e5b0370e1cf9353bc 2009-10-03T16:09:42.868-04:00

Research shows that most online banking sites have inbuilt flaws which could potentially put valuable customer data into the wrong hands.

Research shows that most online banking sites have inbuilt flaws which could potentially put valuable customer data into the wrong hands. http://pindebit.blogspot.com/2009/04/something-phishy-about-bank-not-using.html John B. Frank jfrank160 0 0 0 0 urn:com:businessweek:bx:article:457388249227334350-752bada2adbf03f0caa5e40712b6e126 2009-10-03T15:56:34.773-04:00

Viruses, spyware, key loggers – the James Bond style vocabulary of the computer hacker is enough to make us paranoid about losing all the money in our bank accounts when we log on to online banking to pay the gas bill.

Viruses, spyware, key loggers – the James Bond style vocabulary of the computer hacker is enough to make us paranoid about losing all the money in our bank accounts when we log on to online banking to pay the gas bill. http://pindebit.blogspot.com/2009/09/dont-say-i-didnt-warn-you-on-dangers-of.html John B. Frank jfrank160 0 0 0 0 urn:com:businessweek:bx:article:13520031130578502938-d0b3373fc66b707c74640b4bd9512d06 2009-10-03T13:21:33.601-04:00

What are the chances to fight back? SLIM and None!

What are the chances to fight back? SLIM and None! http://pindebit.blogspot.com/2009/09/online-banking-trojans-infesting-web.html John B. Frank jfrank160 0 0 0 0 urn:com:businessweek:bx:article:4928719718261739516-00f92a2ae7e54d5797e173226081bf44 2009-07-19T12:36:28.794-04:00

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters.

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters. http://pindebit.blogspot.com/2009/07/online-banking-data-being-fed-to.html John B. Frank jfrank160 3 1 1 1 urn:com:businessweek:bx:article:7213069320889486920-a49dfb9d6c2fe7371341b501582d7c49 2009-03-24T14:24:00.000-04:00

Cards on the Internet, then it is very likely that you will have to conform to the Payment Card Industry Data Security Standards (PCI-DSS).

Cards on the Internet, then it is very likely that you will have to conform to the Payment Card Industry Data Security Standards (PCI-DSS). http://feedproxy.google.com/~r/geekswithblogs/~3/67ypUm556Bs/pcidss-disablessl2andweakciphersoniis6.aspx 17 17 0 0 urn:com:businessweek:bx:article:10130569898794434056-9737ebdbac7b9107e49992a18ed10cfc 2009-06-26T21:51:43.352-04:00

Account Takeover Fraud would be eliminated, as would phishing attacks, cloned bank websites and DNS Hijacking IF banks used the same system for online banking as they used for ATM Access. With HomeATM's PCI 2.0 Certified PED, they could do exactly that. So what are they waiting for? Fraud to rise higher than 62%? Phishing to cost MORE than $352 per attack?

Account Takeover Fraud would be eliminated, as would phishing attacks, cloned bank websites and DNS Hijacking IF banks used the same system for online banking as they used for ATM Access. With HomeATM's PCI 2.0 Certified PED, they could do exactly that. So what are they waiting for? Fraud to rise higher than 62%? Phishing to cost MORE than $352 per attack? http://pindebit.blogspot.com/2009/06/could-your-bank-have-save-you-from.html John B. Frank jfrank160 2 1 0 1 urn:com:businessweek:bx:article:12621140641316717941-af601d6b92d3ac7d06665006d44ae792 2009-06-26T21:59:33.664-04:00

Banbra Trojan captures end-users online banking details. Nice! HomeATM's PCI 2.0 Certified SafeTPIN means no details, just Swipe and Enter your PIN and login details are instantly end-to-end encrypted!

Banbra Trojan captures end-users online banking details. Nice! HomeATM's PCI 2.0 Certified SafeTPIN means no details, just Swipe and Enter your PIN and login details are instantly end-to-end encrypted! http://pindebit.blogspot.com/2009/06/trojan-steals-banking-details.html John B. Frank jfrank160 1 0 1 0 urn:com:businessweek:bx:article:10207894891859424456-3275995dc2576a2d4f9f8ee37da9f134 2009-03-12T14:07:00.000-04:00

What is the best way to achieve PCI compliance on the EC2?  I have seen posts like these: http://www.mckeay.net/2008/11/02/pci-co...

What is the best way to achieve PCI compliance on the EC2?  I have seen posts like these: http://www.mckeay.net/2008/11/02/pci-co... http://developer.amazonwebservices.com/connect/thread.jspa?threadID=29479 12 12 0 0 urn:com:businessweek:bx:article:7981041645754091464-241e0f67c540f8c0a7e2ab8ff6d13909 2009-04-17T17:05:00.000-04:00

...know I work within the payments industry so you ... this site because security in the payments space is about more than just PCI compliance...

...know I work within the payments industry so you ... this site because security in the payments space is about more than just PCI compliance... http://securityninja.co.uk/blog/?p=270 9 9 0 0 urn:com:businessweek:bx:article:15513346672361373585-3795d793ece2567fa85137f4cd5edda1 2009-06-17T21:05:55.658-04:00

Banks have a "serious issue" with phishing attacks aimed at their online banking customers. It's time they take a long and serious look at a simple solution. (see left) The nature of this beast known as "phishing" is to lure these online banking folks, with a sophisticated and genuine looking trap which includes genuine looking emails which provide links to genuine looking sites. (a new "type" of bait and switch)

Banks have a "serious issue" with phishing attacks aimed at their online banking customers. It's time they take a long and serious look at a simple solution. (see left) The nature of this beast known as "phishing" is to lure these online banking folks, with a sophisticated and genuine looking trap which includes genuine looking emails which provide links to genuine looking sites. (a new "type" of bait and switch) http://pindebit.blogspot.com/2009/06/banks-have-serious-phishing-issueand.html John B. Frank jfrank160 7 0 0 7 urn:com:businessweek:bx:article:11030094246730269132-aeaa906d9b9cd589f415e84cdf84cbb9 2009-04-08T18:30:00.000-04:00

The PCI Compliance Fines are Not Going Away ... One might reasonably expect that, given the ... scrutiny of the payment card industry, that the

The PCI Compliance Fines are Not Going Away ... One might reasonably expect that, given the ... scrutiny of the payment card industry, that the http://www.storefrontbacktalk.com/securityfraud/washington-and-pci-are-a-terrifying-combo/ 7 7 0 0 urn:com:businessweek:bx:article:10782955620833204769-104613925e4d761cce5369ee72276505 2009-04-07T00:29:00.000-04:00

best to limit losses and manage costs. In a similar vein, when it comes to achieving and maintaining PCI compliance, one way to manage costs is to limit or reduce the scope of PCI requirements. Mon, April 06, 2009 — CSO — In today's turbulent

best to limit losses and manage costs. In a similar vein, when it comes to achieving and maintaining PCI compliance, one way to manage costs is to limit or reduce the scope of PCI requirements. Mon, April 06, 2009 — CSO — In today's turbulent http://c.moreover.com/click/here.pl?r1910221890&f=9791 6 6 0 0 urn:com:businessweek:bx:article:10125471902219881367-d2c2e3fc6070cc0f03729c6759ee6e24 2009-01-28T07:42:00.000-05:00

HSBC has defended its decision to scan all credit card transactions in real time in an effort to combat fraud. Checking every credit card transaction in real time is 'much more effective' than other security techniques, HSBC has claimed. The bank

HSBC has defended its decision to scan all credit card transactions in real time in an effort to combat fraud. Checking every credit card transaction in real time is 'much more effective' than other security techniques, HSBC has claimed. The bank http://c.moreover.com/click/here.pl?r1792273538&f=9791 10 10 0 0 urn:com:businessweek:bx:article:11074902166240921458-88be4ce1186cdf975eccc3572764c495 2009-06-18T15:32:42.330-04:00

HomeATM completely eliminates phishing, because it eliminates typing. Continue reading...

HomeATM completely eliminates phishing, because it eliminates typing. Continue reading... http://pindebit.blogspot.com/2009/06/homeatm-eliminates-phishing.html John B. Frank jfrank160 0 0 0 0 urn:com:businessweek:bx:article:4005080147122583759-a47b19e8c6c1d12f878eedd924ee014e 2009-06-18T15:25:11.402-04:00

HomeATM creates first and only PCI 2.0 compliant PIN Entry Device specifically designed for eCommerce Use

HomeATM creates first and only PCI 2.0 compliant PIN Entry Device specifically designed for eCommerce Use http://pindebit.blogspot.com/2009/06/atmel-homeatm-collaborate-safe-t-pin.html John B. Frank jfrank160 0 0 0 0 urn:com:businessweek:bx:article:4417469456141097170-a3f79875451c6c404aacee575bdfe8df 2009-01-27T23:47:00.000-05:00

Yes, in the past year two big retailers, who were apparently compliant to the Payment Card Industry Data Security Standard, were breached. Does that mean PCI DSS has grown increasingly irrelevant? That's absurd. First, I'm going to state the obvious to

Yes, in the past year two big retailers, who were apparently compliant to the Payment Card Industry Data Security Standard, were breached. Does that mean PCI DSS has grown increasingly irrelevant? That's absurd. First, I'm going to state the obvious to http://c.moreover.com/click/here.pl?r1791674773&f=9791 4 4 0 0 urn:com:businessweek:bx:article:51936849097662694-9813362ae249a4f1f89627da7d9b7c4c 2009-02-09T17:40:41.343-05:00

Welcome to the PCI Security Standards Council The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.

Welcome to the PCI Security Standards Council The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. https://www.pcisecuritystandards.org/ R Young ryoung533 3 3 0 0 urn:com:businessweek:bx:article:1801746167762775917-792e584144a85ad0536ba66d302fdcda 2009-04-06T00:05:00.000-04:00

payment card data thefts and fraud. 'I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure,' said (D-N.Y.), chairwoman of the House subcommittee that held the hearing. National Retail Federation CIO David

payment card data thefts and fraud. 'I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure,' said (D-N.Y.), chairwoman of the House subcommittee that held the hearing. National Retail Federation CIO David http://c.moreover.com/click/here.pl?r1907170062&f=9791 4 4 0 0 urn:com:businessweek:bx:article:1776803164601453055-7da0bce939bef33c7d46a81320e82370 2009-04-17T20:35:00.000-04:00

...about PCI Compliance. I'm building a site using Paypal's Website Payment Pro service (Canada) and I understand that my site must be PCI...

...about PCI Compliance. I'm building a site using Paypal's Website Payment Pro service (Canada) and I understand that my site must be PCI... http://community.freshbooks.com/forums/viewtopic.php?pid=18723 4 4 0 0 urn:com:businessweek:bx:article:3152208037024679998-998437c08da44684da02650f90543a3c 2009-01-27T07:45:00.000-05:00

on-board transactions using a simple touch interface. GuestLogix also announced that its new software has met all the PCI Security Standard Council's compliance mandates and is in the enviable position of having one of the few, if not only, airline POS

on-board transactions using a simple touch interface. GuestLogix also announced that its new software has met all the PCI Security Standard Council's compliance mandates and is in the enviable position of having one of the few, if not only, airline POS http://c.moreover.com/click/here.pl?r1790264445&f=9791 5 5 0 0 urn:com:businessweek:bx:article:1679605112591227401-290862ccf2daaa472ff1153afd15ea02 2009-04-11T08:28:00.000-04:00

services which are not received, even if just the deposit was paid for this way. 'Legal right' The payment card industry says it reached an agreement with Atol several years ago over who should pay out in these situations. The umbrella body - the UK

services which are not received, even if just the deposit was paid for this way. 'Legal right' The payment card industry says it reached an agreement with Atol several years ago over who should pay out in these situations. The umbrella body - the UK http://c.moreover.com/click/here.pl?r1917322079&f=9791 3 3 0 0 urn:com:businessweek:bx:article:12728298303672074202-bcf4ffce5445324aedabcae1bbe87ccd 2009-03-26T08:13:00.000-04:00

Magento is currently PCI compliant or could be easily configured to be: http://www.magentocommerce.com/company/...

Magento is currently PCI compliant or could be easily configured to be: http://www.magentocommerce.com/company/... http://www.searchenginejournal.com/magento-ecommerce/9477/comment-page-1/ 3 3 0 0 urn:com:businessweek:bx:article:8056004644841137330-883d98f1d82412d73f298f39914bb6e1 2009-02-26T03:52:00.000-05:00

to face cuts in response to the current economic crisis. And we all know the main reason: regulatory compliance. It would be fun to tell ourselves that years of awareness training and our evermore-sophisticated security metrics had gotten traction at

to face cuts in response to the current economic crisis. And we all know the main reason: regulatory compliance. It would be fun to tell ourselves that years of awareness training and our evermore-sophisticated security metrics had gotten traction at http://c.moreover.com/click/here.pl?r1841259404&f=9791 5 5 0 0