PCI Data Security Standard News
August 04, 2016
Researchers at Black Hat 2016 poked holes in chip and PIN security by demonstrating simple attacks that can intercept EMV card transaction data, including CVV codes and PINs.
April 28, 2016
PCI DSS 3.2 marks the start of refining the payment data regulations, rather than minor changes, and includes requirements to strengthen encryption and multifactor authentication.
February 19, 2016
The PCI council has determined its data security standard is finally mature enough to forego significant updates, so PCI DSS 3.2 will be more of an incremental modification.
December 22, 2015
The Payment Card Industry Security Standards Council unexpectedly pushed back the deadline for enterprises to migrate off of early versions of TLS.
PCI Data Security Standard Get Started
Bring yourself up to speed with our introductory content
Does PCI DSS 3.2 mark the end of major updates to payment security compliance standards? Expert Mike Chapple discusses the update and what it means for organizations. Continue Reading
Complying with PCI penetration testing mandates has always been a challenge for enterprises. Expert Kevin Beaver discusses the recently released PCI SSC pen testing guidance and how it can help enterprises overcome their PCI woes. Continue Reading
PCI DSS 3.1 requires enterprises to deplete SSL and early TLS use by June 30, 2016. Expert Michael Cobb offers advice for putting a migration plan to TLS 1.2 in place. Continue Reading
Evaluate PCI Data Security Standard Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security Assessor helps with security. Continue Reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations can do this. Continue Reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation driving this order. Continue Reading
Manage PCI Data Security Standard
Learn to apply best practices and optimize your operations.
PCI DSS is pretty specific about security, but does it do enough for mobile payment security? Expert Mike Chapple explains why he says yes. Continue Reading
New guidance from the PCI SSC includes some essential aspects of tokenization security and what merchants need to know about tokenization products. Continue Reading
A new PCI Special Interest Group document gives advice to enterprises on staying PCI DSS compliant after audits. Expert Mike Chapple highlights the key takeaways. Continue Reading
Problem Solve PCI Data Security Standard Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it. Continue Reading
PCI DSS requirement 2 specifies companies must change vendor-supplied default passwords, but only 50% were in compliance. Expert Mike Chapple explains why. Continue Reading
Securing credit card data -- both online and at brick-and-mortar stores -- requires security measures beyond those mandated by PCI DSS. Expert Philip Alexander outlines six out-of-band security controls to consider. Continue Reading