No thanks, stay here.  

  We notice you are visiting from a U.S. Internet provider. Switch to our U.S. website.

Industry News

Payment processing security tactics can improve overall enterprise security, expert says

By Kristen Lawrence

12/11/2009 - Successful payment processing security involves more than just compliance to the PCI DSS - it involves best practices about data retention and protection, network security and employee training.

All of these practices can - and potentially should - also be applied to other areas of business operations, such as CRM databases, email servers, personnel files and payroll information, said payment processing expert Evan Schuman.

"Overworked IT executives suffering from staff cuts find checklist security quite comforting," he wrote on the McAfee Security Insights blog. "The checklist mentality says that nothing should be done that isn't mandated. And there are no external rules protecting data, beyond payment card, health-related information and some investment data. Is this wise?"

Schuman noted that information such as customer service files stored in a CRM database, customer loyalty tracking information and even payroll information could be valuable targets to hackers, and should be protected with the same rigour as payment processing infrastructure.

However, merchants may need to invest in their payment processing security first and foremost - the Ponemon Institute and Imperva report that just 28 percent of small businesses and 70 percent of large businesses are PCI compliant.ADNFCR-2514-ID-19457692-ADNFCR

Related News - Security and Fraud

Expert: PCI compliance not optional, and non-compliance can get costly

05/02/2010

Payment processing security - and the requisite PCI-DSS compliance - can be daunting to businesses of any size, but especially for smaller merchants that do not have an IT department to help them make sense of the requirements.

Full Article

Heartland Payment Systems beefs up payment processing security with end-to-end encryption, tokenization

04/02/2010

Few other companies have been burned in payment processing security like Heartland Payment Systems has. So what do the security initiatives look like from a company whose stakes are so high? They are extensive, for one.

Full Article

PCI Security Standards Council busy with more than just PCI-DSS revisions

04/02/2010

Though the new version of the PCI-DSS, the governing set of security regulations for the payment processing industry, is due out in October of this year, businesses whose merchant services include debit and credit card processing will likely hear from the PCI Security Standards Council before October.

Full Article

PCI SSC changes rules regarding audio recordings of payment processing data

03/02/2010

The PCI Security Standards Council has updated its FAQ section, changing the rules regarding payment processing information stored on audio recordings.

Full Article