Security News

Not only am I responsible for all of the ongoing compliance and yearly assessments, but I also have to interpret the PCI DSS scriptures on how PCI affects products, initiatives, and platform decisions. I'm honestly surprised that so many vendors operating in areas that impact PCI compliance have virtually no clue about how their products affect or are affected by PCI. After all, there's no excuse to be clueless.

PCI Geomatics, a world leading developer of remote sensing and photogrammetric software and systems, announced the availability of Geomatica Cloud on the cloudeo marketplace. "PCI Geomatics offers leading edge technology to extract information from UAV, aerial, satellite optical and SAR imagery. Improving access to this technology is a key focus of our business transformation."

SecureTrust, a division of Trustwave, announced SecureTrust PCI Manager, a cloud-based platform delivering Payment Card Industry compliance validation and enhanced risk mitigation for acquiring banks and merchant service providers. "SecureTrust PCI Manager helps our merchants achieve PCI compliance through a process that drives accuracy and is less time consuming, giving our merchants more time to focus on growing their business and enhancing the customer experience," stated Robyn Mitchell, chief compliance officer at North American Bancard.

The ai Corporation, an FCA approved expert in payments, fraud and risk management, announced that it has upgraded EazyFuel, its closed loop fuel card platform, to be fully PCI compliant, in anticipation of the expansion of PCI Data Security Standard to cover fuel cards. Ai, whose aiGateway - omni-channel payment gateway - was granted Level 1 Service Provider accreditation recently, has rolled out PCI compliance across its suite of payments, fraud and risk management solutions for the fuel industry, in advance of any change to PCI DSS compliance or regulation.

PCI Pal Rapid Remote delivers PCI compliant payment services at pace, and enables organizations to quickly continue handling customer payments in a secure and compliant way even when working remotely or from home with minimal notice. With many contact centre agents, and other back-office staff who take payments, now working from home during these unprecedented times, Rapid Remote gives organizations the ability to securely handle payments, while also complying with PCI DSS rules.

Semafone, the leading provider of data security and compliance solutions for call and contact centers, announced that it has achieved global certification under the Payment Card Industry Data Security Standard for its omnichannel digital payments solution, Cardprotect Relay+. Semafone has also been named on the Visa Global Registry of Service Providers demonstrating its ability to adhere to strict, updated and ongoing PCI DSS compliance, while upholding a strong defense against cardholder data compromise by supporting secure technologies such as point-to-point encryption and tokenization.

Combined with its existing Agent Assist and IVR payment solutions, PCI Pal Digital will enable a true omnichannel secure payments environment for contact centers and businesses taking payments across the globe. "As we see the increased adoption of digital channels within organizations, including both our partners and direct customers, we believe that now is the time to introduce our digital payment offering supplementing our existing Agent Assist and IVR solutions," said James Barham, CEO, PCI Pal.

Today, I want to take a closer look at the PCI DSS 3.2 standard, starting with Requirement 8 and gradually making our way to Requirement 8.3.2. The standard specifically uses CDE, or the cardholder data environment, instead of "Sensitive data," but the concept is the same - make sure the person requesting access is truly who they claim to be.

The PCI Security Standards Council (PCI SSC) has updated the PCI Point-to-Point Encryption Standard (P2PE) and supporting program. PCI P2PE Version 3.0 simplifies the process for component and...

Companies subject to PCI DSS security requirements are audited once per year, yet many of these companies continue to be breached. It is not that PCI DSS fails, but that companies fail to maintain...