New & Notable
PCI Data Security Standard News
August 12, 2014
Discussing the state of PCI DSS compliance, Gartner's Avivah Litan says the industry still struggles with PCI auditors who both identify PCI problems and sell remediation services to fix them, causing a conflict of interest.
August 07, 2014
The PCI Security Standards Council's new information supplement helps enterprises implement a security assurance program to ensure their third-party service providers meet PCI DSS requirements.
July 21, 2014
Hailed by card brands as the cure to payment card fraud, Chip and PIN security technology will take years to deploy and has already proven vulnerable.
June 05, 2014
The Security Standards Council is soliciting topics for next year's PCI DSS special interest groups, despite delays that have held back two 2013 PCI SIGs.
PCI Data Security Standard Get Started
Bring yourself up to speed with our introductory content
A cardholder data environment or CDE is a computer system or networked group of IT systems that processes, stores and/or transmits cardholder data or sensitive payment authentication data, as well as any component that directly connects to or ...
Cardholder data (CD) refers to the primary account number (PAN) of a payment card belonging to a cardholder, along with any of the following data types: cardholder name, expiration date or service code (a three- or four-digit number coded onto the ...
The PCI DSS penetration testing requirement becomes more rigorous with the release of PCI 3.0. Expert Mike Chapple details the change.
Evaluate PCI Data Security Standard Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Gartner analyst Avivah Litan discusses how Gartner clients are reacting to the changes in PCI DSS 3.0, and whether the increased rigor in the standard will prove beneficial to enterprises.
Could open source security software solve PCI DSS compliance problems? Mike Chapple looks at how open source technologies can meet compliance needs.
Does a Web application security assessment termed 'compliance ready' seem too good to be true? Learn its role in an enterprise compliance program.
Manage PCI Data Security Standard
Learn to apply best practices and optimize your operations.
Installing Java updates for security can be troublesome, so should companies still do it? Mike Chapple discusses Java and compliance issues.
Compliance with the PCI DSS 3.0 requirements means enterprises need to update their network diagrams. Mike Chapple outlines how to make these changes.
IT lockdown periods are sometimes used to improve system efficiency, but do they work with PCI compliance regulations? Expert Mike Chapple answers.
Problem Solve PCI Data Security Standard Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Expert Mike Chapple offers insight on how to maintain PCI DSS compliance when outsourcing Web hosting to a PCI-compliant provider.
PCI DSS compliance has little bearing on customer retention, so is it worth the effort? Mike Chapple explains why companies must comply with PCI DSS.
Employees play an important role in achieving and maintaining regulatory compliance, explains compliance expert Mike Chapple.