Security Management Strategies for the CIO
Email Alerts
-
Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain
Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit cre... Interview
-
NuBridges update enables simultaneous data center tokenization
The software update helps enterprises coordinate the issuing of tokens among multiple data centers, and apply the technology to PII and PHI. Article
-
Qualified Security Assessor (QSA)
A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Definition
-
Report on Compliance (ROC)
A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS audit. In general, a level 1 merchant is one who processes over 6 million Visa transactions in a year. Definition
-
PCI DSS requirement: Maintaining a vulnerability management program
The third PCI DSS focus area requires antivirus software, secure coding practices, patch management and change control processes be in place. Tip
-
PCI tokenization guidance could benefit payment processors
Framework could help merchants decide how to invest in new card data encryption and tokenization technologies being offered by payment processors. Article
-
Should there be PCI security requirements for bank account data?
Gartner analyst wonders why no PCI-like standard exists for bank account information, which online criminals are targeting. Article
-
Ease credit card risks: POS encryption and data tokenization for PCI
Data tokenization and transaction encryption technologies for PCI DSS, though still mostly new and untested, are already in hot demand. In this tip, John Kindervag of Forrester Research explains what to consider before using tokenization and transact... Tip
-
PCI compliance encryption includes hardening key management systems
As companies deploy encryption to protect cardholder data, French security giant, Thales Group is making the case for hardware security modules (HSMs) to protect the underlying key management systems at the heart of all encryption systems. According ... Interview
-
The cost of an audit: Choosing a competent PCI DSS QSA
Choosing the least expensive PCI DSS QSA for your PCI audit might seem like common sense, but not all auditors know what they're doing. In this expert response, Ernie Hayden describes what to look for in a competent QSA. Ask the Expert