Are you storing customer data properly? The challenges of PCI DSS compliance

Nov 02

By Russell Fewing, Services Marketing Manager at the Information Systems Security activities of Thales

Data security breaches are hitting the headlines with alarming frequency. While the most recent breaches have involved the public sector and financial services industries, retailers are not immune from the rise in data losses. Cotton Traders, the UK leisurewear and casual clothes brand, for example, recently conceded that thousands of customer details had been stolen from the company’s website. Last year saw perhaps one of the most publicised cases, involving retail giant TJX, owner of the TJ Maxx chain, which found that hackers had accessed internal systems used to process and store customer transaction data, including credit card, debit card, cheque and return transactions. The incident cost TJX $256 million [1] and the company is now offering to pay Visa card issuers a further $40.9 million [2] to compensate for costs connected to the data breach. With data security cases rising in number and severity, the industries affected are pulling together in an attempt to reduce the risk of fraud. The Payment Card Industry Data Security Standard (PCI DSS) is one such effort, aimed at cutting the fraud associated with credit and debit cards. However, implementing PCI DSS is not without its challenges, and these must be overcome if the standard is to be an effective weapon in the fight against card fraud.

PCI DSS aims to prevent any information that could be used to make a counterfeit card or a fraudulent online transaction from falling into the wrong hands. The standard applies to every acquiring bank, merchant and third party that accepts, processes, stores or transmits payment card data. It is now mandatory for businesses with over 100,000 transactions a year either to be PCI DSS compliant or to be able to demonstrate plans to become so. However, one element of the standard is proving to be a particular stumbling block: requirement 3, protecting stored cardholder data. In fact, 79 per cent of PCI DSS audit failures are due to companies not implementing requirement 3 properly.

Retailers have to store some customer data, for example in order to be able to refund payments. Under PCI DSS, protecting cardholder data means two things: storing only the minimum information needed (at most the primary account number, expiry date and cardholder name), and rendering whatever is stored valueless to anyone who does manage to steal it. Sensitive authentication data, that is the full magnetic stripe or chip data, the CVV2/CVC2 code and the PIN, must never be kept after authorisation, however well it is protected. The standard accepts several techniques for rendering the stored card number unreadable, including truncation, one-way hashing and index tokens, but strong cryptography is the most sophisticated and most effective approach, ensuring that the information remains safe even if the other layers of defence are breached. Because encrypted data can be recovered when legitimately needed, encryption also allows data to be stored for as long as business and legal retention requirements demand, and as flexibly as possible.

With strong cryptography, a secret ‘key’ value is used by the encryption algorithm to protect the cardholder data. As long as the key remains secret, the encrypted data is safe; conversely, an attacker who obtains a database backup together with the key has the cleartext card numbers. The best way to keep the key secret is therefore a cryptographic Hardware Security Module (HSM) that generates the key inside tamper-resistant hardware, performs all encryption and decryption of data itself, and never allows users or applications to see the key. PCI DSS also expects documented key-management procedures around that device: restricted access to keys, split knowledge and dual control for any manual key operations, and key changes at the end of the defined cryptoperiod. The improved security resulting from this approach is a considerable benefit not only in demonstrating compliance with PCI DSS but also in mitigating risk for the organisation and avoiding the fines and penalties associated with non-compliance.
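The arrangement described above, as an added example in Go that is not part of the original article or of any Thales product: the application never holds a key, it only asks an HSM (simulated in software here so that the example runs stand-alone; a real deployment would talk to the device through PKCS#11 or a vendor API) to encrypt or decrypt under a numbered key version. The stored row carries a masked card number for display, the ciphertext, and the key version that produced it, and has no field for the CVV2 at all. The record identifier is bound into the AES-GCM authentication tag so that a ciphertext lifted from one row cannot be decrypted in the context of another. The record IDs and the card number 4111111111111111 (a well-known test number, not a real account) are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

// HSM stands in for a hardware security module: keys are generated inside it and never
// handed out; callers can only ask for encryption or decryption under a key version.
type HSM struct {
	keys    map[int]cipher.AEAD
	current int
}

func NewHSM() (*HSM, error) {
	h := &HSM{keys: map[int]cipher.AEAD{}}
	return h, h.RotateKey()
}

// RotateKey makes a fresh AES-256-GCM key current; earlier versions stay decryptable.
func (h *HSM) RotateKey() error {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return err
	}
	block, err := aes.NewCipher(raw)
	if err != nil {
		return err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	h.current++
	h.keys[h.current] = aead
	return nil
}

// Encrypt returns the key version used and nonce||ciphertext||tag; aad is only authenticated.
func (h *HSM) Encrypt(plaintext, aad []byte) (int, []byte, error) {
	aead := h.keys[h.current]
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return 0, nil, err
	}
	return h.current, aead.Seal(nonce, nonce, plaintext, aad), nil
}

func (h *HSM) Decrypt(version int, blob, aad []byte) ([]byte, error) {
	aead, ok := h.keys[version]
	if !ok {
		return nil, fmt.Errorf("unknown key version %d", version)
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], aad)
}

// StoredCard is the database row. It deliberately has no field for CVV2/CVC2, PIN or
// track data: PCI DSS forbids keeping those after authorisation, encrypted or not.
type StoredCard struct {
	RecordID   string
	MaskedPAN  string // first six and last four digits, the most PCI DSS lets you display
	KeyVersion int
	PANCipher  []byte
}

func MaskPAN(pan string) string {
	if len(pan) < 13 {
		return strings.Repeat("*", len(pan))
	}
	return pan[:6] + strings.Repeat("*", len(pan)-10) + pan[len(pan)-4:]
}

// StoreCard takes what arrived with the authorisation and keeps only what a refund needs.
// The record ID goes into the AEAD tag, so a ciphertext copied from one row will not
// decrypt in the context of another.
func StoreCard(h *HSM, recordID, pan, cvv2 string) (*StoredCard, error) {
	_ = cvv2 // accepted for realism, then discarded: never logged, never stored
	ver, blob, err := h.Encrypt([]byte(pan), []byte(recordID))
	if err != nil {
		return nil, err
	}
	return &StoredCard{RecordID: recordID, MaskedPAN: MaskPAN(pan), KeyVersion: ver, PANCipher: blob}, nil
}

// RecoverPAN is the only way back to the clear PAN; keep it behind the refund workflow.
func RecoverPAN(h *HSM, c *StoredCard) (string, error) {
	pt, err := h.Decrypt(c.KeyVersion, c.PANCipher, []byte(c.RecordID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}
```

A refund path calls `StoreCard` at authorisation time and `RecoverPAN` later; after `RotateKey` new records go under the new version while old rows still decrypt, which is what lets a key change happen without an outage. Note what a stolen database gives an attacker here: masked numbers and ciphertext, with the key still inside the HSM.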

Compliance with PCI DSS may be perceived by retailers as yet another regulatory burden they could do without, particularly when it comes to the more challenging requirements such as protecting stored cardholder data. However, as fraudsters become increasingly sophisticated and data breaches among retailers continue to make the headlines, PCI DSS compliance is better viewed as an opportunity to review security processes and to ensure that it is not your company’s name hitting the headlines in tomorrow’s newspapers.

Sources

[1] SearchSecurity, ‘TJX profit takes hit over data breach’, 15 August 2007
[2] SearchSecurity, ‘TJX offers $40.9 million breach settlement’, 3 December 2007


44 comments

  1. Thanks for this post. It’s very useful.

  2. Hey great weblog, just pondering what spam software package you use for responses for the reason that i get lots on my weblog. Can you please let me know here, so that not only I but other spectators can put it on our blogs as well.

  3. This is very moving work you have written for us. Some people need to know that these things can ensue to anyone. You have given me a better position now

  4. Please delete this before anyone else sees but you have a nice blog and you could really benefit from these free links and automation http://bit.ly/9UP9Zx

  5. Don’t leave this comment on your blog, but you can get a TON more traffic if you use http://bit.ly/9U4yUb

  7. I really love this particular theme style. Might you notify to me which theme you are utilizing? Or was it custom created?

  8. I’d like to say thanks for the time you took compiling this post. This has been enlightening for me. I’ve forwarded this to a friend of mine.

  9. Hey – nice blog, just looking around some blogs, seems a pretty nice platform you are using. I’m currently using WordPress for a few of my sites but looking to change one of them over to a platform similar to yours as a trial run. Anything in particular you would recommend about it?

  10. Any businesses require a lot of commitment of time and money to get started. However, an Internet Business doesn’t require as much money to get started as a conventional business, but it does require a lot of time and some money

  11. I’d like to say thanks for the efforts you have made writing this post. You’ve an inspiration for me. I have passed this on to a friend of mine.

  12. I had been so discouraged because we couldn’t solve this issue. I quickly found your site in the search engines and the issue is solved. Many thanks!

  13. Just discovered your website on the internet and I think it is a pity that you’re not rated higher since this is a terrific post. To alter this I decided to save your site to my RSS or Atom reader and I’ll try to mention you in one of my personal articles since you genuinely deserve much more readers when publishing content material of this quality.

  14. Simply found your site on the internet but it is a pity that you are not rated higher as this is a terrific post. To alter this I decided to save your site to my RSS reader and I will try to mention you in one of my posts since you truly deserve more visitors when publishing content material of this high quality.

  15. Hey! Stored it to my desktop:) Great post.

  16. As a daily web surfer, I’m always searching online for websites that can help me. Thank you

  17. Appreciation for the great blog post. I am glad I have taken the time to learn this.

  18. I only use deodorant under one arm, so I know what I would have smelled of.

  19. I really appreciate this blog. I am a huge follower of anything computer/tech related and save most of the articles I can locate on the subject. You’re the best

  20. Between me and my husband we’ve owned more MP3 players over the years than I can count, including Sansas, iRivers, iPods (classic & touch), the Ibiza Rhapsody, etc. But, the last few years I’ve settled down to one line of players. Why? Because I was happy to discover how well-designed and fun to use the underappreciated (and widely mocked) Zunes are.

  21. Hey this post is very good. Can you comment me any related articles?

  22. I am glad to talk with you and you give me great help! Thanks for that, I am wondering if I can contact you via email when I meet problems?

  23. inordinate post you sit on

  24. I know I’m a little off topic, but I just wanted to say I love the layout of your blog. I’m new to the BlogEngine platform, so any suggestions on getting my blog looking nice would be appreciated.

  25. weight loss is important to most people and it was to me so I got a website designed for people who want help with weight loss check it out!

  26. Philip Knight below the identify Blue Ribbon Sports with vendors like eBay the place you honestly will not.

  27. Hey, I think you visited my website so here I am! I am looking for ways to add things to my website! I suppose it’s ok to use some of your ideas!!

  28. Most of the times I visit a blog I get disappointed. On the other hand, I have to say that you have done a good job here.

  29. I am pressing forward even though it hurts, thanks for the nudge. I Love that you love me enough to nudge me to press forward, because, you know the power within me, I know that you love everyone the same, as Christ loves us enough to carry us when we are weak. You are Loved Marshall, Thanks for following Christ’s example. The true meaning of being Christlike in your actions.

  30. Lengthy ago I came upon your website and can be already reading along. I thought overall I’d leave my first comment. I don’t know extremely well what to say except that I’ve enjoyed reading. Nice blog. I’ll keep visiting this site really often.

  31. My husband just told me about your site. He saved it on the computer so I could look at it and I must say you’ve got some awesome stuff here. Sorry I don’t have much more to contribute, but I just wanted to offer up some encouragement.

  32. Hi, this a fantastic post buddy. Great Share. Unfortunately I am experiencing problem with the RSS . Don’t know why Fail to subscribe. Is there anybody else getting similar RSS issue? Anyone who can help please respond. Thankx

  33. Cheers you legend. Come check my web page, you likely will like it.

  34. Hello My name is Boyd ,I am a tea lover, truly LOVE the smell & the tingling sensation of tea as the first thing after getting up. I consume minimum eight glasses every day. BTW awesome blog, Have a nice day.

  35. Surprisingly! It is like you understand my mind! You seem to know a lot about this, just like you wrote the book in it or something. I think that you could do with some pics to drive the message home a bit, besides that, this is good blog post. A good read. I will definitely revisit again.

  36. Awesome article and straight to the point. I am not sure if this is truly the best place to ask but do you folks have any idea where to hire some professional writers? Thanks :)

  37. A helpful post, I just passed this onto a colleague who was doing a little analysis on that. And he in fact purchased me dinner because I found it for him. smile. So let me reword that: Thank you for the treat! But yeah Thank you for spending the time to discuss this, I feel strongly about it and enjoy reading more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me. Big thumb up for this blog!

  38. Your details are very good; we got new knowledge from your site. Template also very good, color matching is well. I will keep visiting your site often. This is a great article thanks for sharing this information. Give your knowledge for all people. Because who likes to know more information. I saved some details to me.

  39. Is there any way to subscribe to this post? I’d like to be updated on the comments here as they come in. I’ve always been somewhat of a debater and I’d like to hear other’s opinions on this issue.

  40. I recently came across your website and have been reading a lot of posts of yours. I just thought I’d add a quick comment and let you know that you’ve got a really nice blog. I’ll watch out for updates from you!

  41. I was chatting with my friend on MSN about this and I’ve got to say that I completely agree with the poster near the beginning. And on a side note, I really like the colors you used for your blog. What theme is this?

  42. I agree with what the guy a few posts up said. This is a wonderful blog and I’m glad you’re sharing this information with the rest of us.

  43. Love the blog here. Nice colors. I am definitely keeping up on the comments here. I hope to see more from you in the near future.

  44. Zune and iPod: Most people compare the Zune to the Touch, but after seeing how slim and surprisingly small and light it is, I consider it to be a rather unique hybrid that combines qualities of both the Touch and the Nano. It’s very colorful and lovely OLED screen is slightly smaller than the touch screen, but the player itself feels quite a bit smaller and lighter. It weighs about 2/3 as much, and is noticeably smaller in width and height, while being just a hair thicker.
