PCI's tag archives

Anti Virus and PCI Compliance

Posted by Peter Zendzian in Sunday, December 27th 2009   under: PCI, Security, Sysadmin    Tags: , , , , ,    

Last year PCI DSS 1.2 was released changing the intent of the controls required for anti-virus software. In version 1.1 anti-virus software was only required for systems commonly affected by viruses and excluded UNIX based operating systems and mainframes. Version 1.2 now requires all operating system types commonly affected by malicious software be protected and [...]

1 comment

PCI Compliant Hosting – Are you sure your host knows what PCI is and what they are selling?

Posted by David M. Zendzian in Wednesday, October 28th 2009   under: PCI    Tags: , , , , ,    

I recently had a discussion with a potential customer on why they should work with ZZ Servers instead of one of the now hundreds of other hosting providers offering PCI “compliant” hosting services. After spending the last 5 years doing PCI Level 1 validations I have run into many areas that hosting providers just do [...]

no comment

Amazon confirms EC2/S3 does not meet PCI guidelines

Posted by Peter Zendzian in Monday, August 17th 2009   under: PCI, Security    Tags: , , , , , ,    

If your business requires PCI compliant hosting services because you store, transmit or process cardholder data, hosting in the cloud may not be for you.  Most cloud providers do not have the controls or processes in place to protect sensitive cardholder data or the willingness to enter into required business arrangements with merchants.  Because of [...]

2 comments

Understanding PCI Levels and Types

Posted by Peter Zendzian in Tuesday, June 2nd 2009   under: PCI    Tags: , , , , ,    

Any merchant who accepts credit cards and has a merchant account must validate compliance. It does not matter if you use a 3rd party processor or if you outsource all of your credit card processing. It’s the ownership of the merchant account that defines if you must validate compliance. The only to avoid PCI compliance [...]

no comment

Batteries.com Credit Card Data Stolen

Posted by Peter Zendzian in Wednesday, May 27th 2009   under: PCI, Security    Tags: , ,    

Yet another data breach involving theft of credit card data has been announced. On March 13th, Batteries.com received notice from a customer about potential unauthorized activity on their credit card. They later discovered the Batteries.com network had been breached from around February 25, 2009 to April 9, 2009. The breach involved theft of [...]

3 comments

PCI Compliance and Receiving Credit Card Payments by Fax

Posted by David M. Zendzian in Friday, October 31st 2008   under: PCI    Tags: , ,    

The low cost of web and email based fax delivery services may seem like a good way to save your business money but not if you receive credit card payments by fax. This would fall under the Payment Card Industry standard section 4 that requires transmission of cardholder data across open-public networks to be encrypted [...]

no comment
« Older Entries