PCI

In updating its point-to-point encryption standard, the PCI Security Standards Council says the resulting simplified validation process for component and software providers will result in more products available for cardholder data protection.

FIS has partnered with ControlScan to give its growing number of payment facilitators’ “sub-merchants” a streamlined path to comply with the Payment Card Industry Data Security Standard.

Blockchain and distributed ledger technology offer many of the basic elements that are essential components for PCI DSS compliance, writes Doug Wick, chief product officer at ALTR.

Managing compliance and breach risk make it harder to offer a good customer experience, but the cost of friction may be even higher, argues Bob Janacek, CEO of DataMotion.

Compliance can be complex and expensive, but failure puts merchants at risk, says FIME's Christian Damour.

Both are useful, but each has specialties in protecting different types of transaction processes, according to Rambus Payments' Andre Stoorvogel.

To stay ahead of the rapid development of payment applications, the Payment Card Industry Security Standards Council is making new software security standards and a validation program for vendors available later this year.

Collaboration is a critical part of how we prevent cyberattacks from turning into breaches that put consumer payment card data at risk, writes Lance Johnson, executive director of PCI SSC.

New Merchant Advisory Group chief John Drechny will push open standards for payments acceptance and security technology that doesn't impact customer experience.

Lack of preparation for a PCI DSS assessment usually results in unexpected and unnecessary expenses, as well as lost productivity among all parties involved, writes Marc Punzirudu, director of security consulting services at ControlScan.

The larger the business grows, the more difficult and time-consuming it will be to make the fundamental changes required, according to Justin Shipe, vice president of information security for CardConnect, and Aaron Largent, director of infrastructure for CardConnect.

Within hours of learning about the breach, Brinker International, parent company of the Chili’s chain, issued a news release, website notice and social media advisories informing consumers and other interested parties of the incident, writes John Gunn, CMO of OneSpan.

Even though much of PCI data is stored and maintained on mainframes, many are currently not being evaluated or scanned accurately for PCI DSS compliance, writes Ray Overby, co-founder and president of Key Resources.

PCI compliance can't solve all security problems. EMV, encryption are all necessary to protect merchants from data breaches, writes Jeff Zimmerman, COO of Clearent.

Many of the same protections for mobile payments, such as tokenization and single-use keys, can come into play to protect in-car payments, according to Jim Carroll, chief technology officer at Mobica.

The best course of action would be seek a policy, or an endorsement to your policy, that specifically includes coverage for all PCI fee, according to Karin Scherner Aldama, a partner at Perkins Coie's Insurance Recovery Law Practice.

Payment technology and card network veteran Lance Johnson is the new executive director of the PCI Security Standards Council, effective January 2018.

Payments technology changes rapidly, and cybercriminal techniques have no trouble keeping pace. Against that backdrop, the Payment Card Industry Security Standards Council must set new rules without hindering development.

Cybersecurity professionals are having hard time keeping up with the vulnerabilities exposed on a daily basis in networks handling payments or personal data, according to new research from Bay Dynamics.

It's a big challenge to educate small merchants on the importance of data security, but many acquirers and ISOs are jumping at the opportunity to fill the role of educator.