PCI SSC unveils two new validation programs for software vendors and assessors

The PCI Security Standards Council (PCI SSC) announced two new validation programs for use by payment software vendors to demonstrate that both their development practices and their payment software products address overall software security resiliency…

New requirements for the secure design and development of modern payment software

The PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software…

Full compliance with the PCI DSS drops for the first time in six years

After documenting improvements in Payment Card Industry Data Security Standard (PCI DSS) compliance over the past six years (2010 – 2016), Verizon’s 2018 Payment Security Report (PSR) now reveals a concerning downward trend with companies failing compl…

Tool and resources to help small merchants improve payment card data security

Small merchants continue to be a primary target for cybercriminals. According to the Verizon Data Breach Investigations Report, 61% of breached organizations surveyed were small businesses. These highly-targeted businesses often do not have the technic…

The PCI SSC QIR program is changing to help merchants reduce risk

The PCI Security Standards Council (PCI SSC) announced new changes to the PCI Qualified Integrators and Resellers (QIR) Program in response to industry feedback and data breach report findings. The program changes are designed to increase the number of…

PCI Council sets security requirements for mobile point of sale solutions

The PCI Security Standards Council has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices such as smartphones and tablets. What are we talking about here? Stores that offer customers the possib…

PCI DSS 3.2 is out: What’s new?

The Payment Card Industry Security Standards Council has published the latest version of PCI DSS, the information security standard for organizations that handle customer credit cards. Changes and improvements in PCI DSS 3.2 include: Multi-factor authentication will be required for all administrative access into the cardholder data environment. Previously, use of multi-factor authentication was only a must when it was accessed remotely, by an untrusted user/device. “This will not impact machine authentication where one system …