PCI Data Security Standard News
April 28, 2016
PCI DSS 3.2 marks the start of refining the payment data regulations, rather than minor changes, and includes requirements to strengthen encryption and multifactor authentication.
February 19, 2016
The PCI council has determined its data security standard is finally mature enough to forgo significant updates, so PCI DSS 3.2 will be more of an incremental modification.
December 22, 2015
The Payment Card Industry Security Standards Council unexpectedly pushed back the deadline for enterprises to migrate off of early versions of TLS.
October 02, 2015
News roundup: Despite a low adoption rate going into the liability shift, many in the industry are optimistic about the future of EMV use. Plus: TrueCrypt flaws; AWS crypto keys stolen; women in infosec.
PCI Data Security Standard Get Started
Bring yourself up to speed with our introductory content
Does PCI DSS 3.2 mark the end of major updates to payment security compliance standards? Expert Mike Chapple discusses the update and what it means for organizations.
Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes.
PCI DSS 3.1 requires enterprises to phase out SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place.
Evaluate PCI Data Security Standard Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
In this Risk & Repeat podcast, SearchSecurity editors discuss the recent Acer data breach and the questions it raises about the company's payment security practices.
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. Expert Mike Chapple explains.
Security log management includes deciding what log data to retain and the length of time it should be stored. Expert Michael Cobb explains some challenges and best practices.
Manage PCI Data Security Standard
Learn to apply best practices and optimize your operations.
PCI DSS is pretty specific about security, but does it do enough for mobile payment security? Expert Mike Chapple explains why he says yes.
New guidance from the PCI SSC includes some essential aspects of tokenization security and what merchants need to know about tokenization products.
A new PCI Special Interest Group document gives advice to enterprises on staying PCI DSS compliant after audits. Expert Mike Chapple highlights the key takeaways.
Problem Solve PCI Data Security Standard Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.
PCI DSS requirement 2 specifies companies must change vendor-supplied default passwords, but only 50% were in compliance. Expert Mike Chapple explains why.
Securing credit card data -- both online and at brick-and-mortar stores -- requires security measures beyond those mandated by PCI DSS. Expert Philip Alexander outlines six out-of-band security controls to consider.