No thanks, stay here.  

  We notice you are visiting from a U.S. Internet provider. Switch to our U.S. website.

Latest Industry News

Merchant Account

Credit Card Processing

Point-of-Sale Terminals

Security and Fraud

Press Releases


Get a Rate Quote
Call Us Today
Find us on Facebook

Industry News

Payment processing security tactics can improve overall enterprise security, expert says

By Kristen Lawrence

12/11/2009 - Successful payment processing security involves more than just compliance to the PCI DSS - it involves best practices about data retention and protection, network security and employee training.

All of these practices can - and potentially should - also be applied to other areas of business operations, such as CRM databases, email servers, personnel files and payroll information, said payment processing expert Evan Schuman.

"Overworked IT executives suffering from staff cuts find checklist security quite comforting," he wrote on the McAfee Security Insights blog. "The checklist mentality says that nothing should be done that isn't mandated. And there are no external rules protecting data, beyond payment card, health-related information and some investment data. Is this wise?"

Schuman noted that information such as customer service files stored in a CRM database, customer loyalty tracking information and even payroll information could be valuable targets to hackers, and should be protected with the same rigour as payment processing infrastructure.

However, merchants may need to invest in their payment processing security first and foremost - the Ponemon Institute and Imperva report that just 28 percent of small businesses and 70 percent of large businesses are PCI compliant.ADNFCR-2514-ID-19457692-ADNFCR

Related News - Security and Fraud

PCI DSS compensating controls are not shortcuts, experts remind businesses

18/03/2010

Many businesses think of compensating controls as a shortcut to payment processing compliance. However, compensating controls in reality are nothing near a shortcut - they require research and analysis to correctly implement.

Full Article

PCI SSC: Level 4 merchants shouldn't hold breath for tiered payment processing security requirements

16/03/2010

A common complaint among small, Level 4 merchants is that the PCI compliance mandates are too intense and burdensome for them, and are better suited to larger merchants.

Full Article

No such thing as complete security - but that doesn't mean you shouldn't try

16/03/2010

Many payment processing industry players blame the PCI DSS for leading organisations to prioritize compliance instead of security. However, the PCI DSS is not to blame, as there is no such thing as complete security, said a recent article.

Full Article

PCI SSC's Bob Russo urges merchants to 'live, breath, eat, sleep, not PCI, but security'

15/03/2010

Although the PCI Security Standards Council is currently evaluating new payment processing technology for potential inclusion in the new PCI DSS to be released in October, none of the technologies will be a silver bullet for compliance, reported PCI SSC general manager Bob Russo.

Full Article