This update will be an immense help to the broader payments industry in the ongoing adoption of cloud computing by organizations subject to PCI compliance obligations, writes Dan Stocker, practice director of commercial services for cloud and technology at Coalfire.
Are the incentives for protecting card data so lopsided that merchants feel little need to do more? Or is it wrong to ask merchants to fix the faults in a payment card ecosystem they had little hand in creating?
Driven by big breaches like the Equifax incident, all stakeholders in card payments will have to demonstrate multifactor authentication, writes Michael Magrath, director of global regulations and standards at VASCO.
There is a growing need for professionals who install and support merchant payment systems to be aware of and trained on critical security controls, writes Mauro Lance, chief operating officer of the PCI Security Standards Council.
As the names pile up — Equifax, Target, Home Depot, TJ Maxx, etc. — there's one thing all of these brands have in common. They all disclosed a major data security breach, and they all remain in business despite what happened.
In a case where two payments security heads are better than one, Accredited Standards Committee X9 Inc. and the PCI Security Standards Council have agreed to create one unified PIN security standard for payments stakeholders.
Developers of mobile point of sale solutions now have a path to build secure applications to support PIN entry on tablets and smartphones, following the Payment Card Industry Security Standards Council’s latest update.
With less than three months before the PCI DSS Requirement 8.3 takes effect, all involved in the handling of cardholder data must take definitive steps to review, implement and upgrade their multifactor authentication strategies and implementation to assure compliance, writes Dirk Denayer, business solutions manager at VASCO Data Security.
Payments technology changes rapidly, and cybercriminal techniques have no trouble keeping pace. Against that backdrop, the Payment Card Industry Security Standards Council must set new rules without hindering development.