Category Archives: PCI DSS

The Payment Card Industry Data Security Standard (more commonly referred to as PCI DSS) is the international security standard for organisations taking payments via credit and debit cards to minimise risk to consumers and providers of fraud, sanctions and reputational damage.

Achieving Comprehensive PCI DSS 3.0 Compliance


August 07, 2014

It’s not news that any entity that processes, transmits or stores account data, or can impact the security of the cardholder data environment, is required to be compliant with PCI DSS 3.0. However, the business benefits of the security framework — a more secure network, protection of corporate brand and reputation, reduced risk of successful data breaches and network attacks — can easily be overshadowed.

Tripwire (a long-time partner of Securus) combines the power of configuration control and deep file integrity monitoring (FIM) with comprehensive log and security information event management capabilities to help deliver continuous and unmatched PCI DSS compliance. The above white paper serves as a useful guide for security personnel who want to learn how Tripwire® Enterprise, Tripwire Log Center® and Tripwire IP360™ could assist in meeting PCI DSS requirements. Qualified Security Assessors (QSAs) might find this document useful as well, as it highlights the areas of the PCI DSS requirements that can be verified and met by those solutions.

Download whitepaper here: http://www.tripwire.com/register/pci-dss-compliance-with-tripwire-solutions-a-witham-pty-ltd-whitepaper/

POS malware compromises 1,500 devices and half a million payment cards


May 31, 2014

Over half a million payment cards have been compromised by a piece of malware that has infected around 1,500 point-of-sale (POS) devices globally.

The malware, part of a worldwide botnet called Nemanja, was recently discovered by cyber intelligence firm IntelCrawler – located on over 1,478 hosts in 35 countries including Australia. The list of infected devices currently includes POS terminals, accounting systems and grocery management platforms.


Experts explain how PCI DSS will affect penetration testing for Aussie businesses


December 20, 2013

Penetration testing services had better prepare for a surge in demand next year, considering PCI DSS compliance will require more rigorous vulnerability management measures.

According to CSO, PCI Data Security Standard 3.0 compliance will require businesses to put together clear-cut strategies for performing penetration testing functions, which will ultimately make it safer for all companies to handle valuable credit card data.


Explaining new requirements under PCI DSS 3.0


December 06, 2013

On January 1 2014, the third version of the Payment Card Industry Data Security Standard will go into effect, and although Version 2 won't expire for another year, experts are encouraging businesses to start the switch soon.

According to DataGuidance, a preview of the new version showed there will be several new requirements. This included making penetration testing mandatory for all businesses, large and small.


Understanding the value of penetration testing


October 18, 2013

When a company goes about testing its cybersecurity systems, it has a few options to choose from, but the type that may provide the most insight into how well a business responds to a cyber threat may be a penetration test.

Different from a standard security audit, penetration testing goes the extra mile to determine how exactly a system will respond once a hacker exploits a vulnerability.

A recent article in Forbes outlined the many reasons businesses are opting to undergo penetration testing, and what value these organisations derive from it.


Companies can benefit from PCI DSS templates


October 16, 2013

Businesses that need to comply with the Payment Card Industry Data Security Standard (PCI DSS) may find it easiest to use pre-made compliance security policy templates, which PCI DSS experts in many countries and industries can use.

Compliance with the standard is paramount in many businesses, but it can be difficult to achieve without documentation that has been researched and penned by experts in the field. The demand for compliance is only expected to grow as local and federal governments continue to require improved cyber security measures.

A good template will feature step-by-step instructions that are unique to merchants and service providers.


Payment security ranks highly among consumers


September 18, 2013

Customers are becoming increasingly aware of how their personal data is being dealt with when they provide payment details over the phone, a new study has found.

Compiled by Syntec Telecom, the survey highlighted the need for PCI compliance as just one per cent of consumers believe the most secure means of making a payment is through call centre agents.
