SecuriTIM PCI DSS Knowledge Base - All Discussions Feed

SecuriTIM PCI DSS Knowledge Base - All Discussions Feed Thu, 09 Sep 2010 08:29:17 +0100 http://securitim.com/vanilla/ Lussumo Vanilla 1.1.5a & Feed Publisher HPY - The latest breach.... 100 million credit cards stolen http://securitim.com/vanilla/comments.php?DiscussionID=7&page=hpy-the-latest-breach-100-million-credit-cards-stolen http://securitim.com/vanilla/comments.php?DiscussionID=7&page=hpy-the-latest-breach-100-million-credit-cards-stolen Sat, 24 Jan 2009 14:57:34 +0000 securitim.com
http://www.usatoday.com/money/perfi/credit/2009-01-20-heartland-credit-card-security-breach_N.htm

I took a moment to see if they were PCI Compliant and they were audited in March 2008 by Trustwave:

http://www.mastercard.com/us/sdp/assets/pdf/Compliant%20Service%20Providers%20-%20January%2015%202009.pdf

QSAs cannot be held liable for customer breaches, but seeming the compromise occurred only a few months after their final audit it does bring into question PCI DSS auditing practices and whether or not they're just 'tick in the box' or actually leave companies with a long-lasting compliance strategy that actually helps merchants/service providers remain compliant.

I'm hoping this wakes companies up to the risks of dealing with credit cards and it highlights the fact that just because they've ticked all the boxes in an audit doesn't mean they can slack off for the rest of the year, play golf and let hackers help themselves to valuable customer records.

Especially in times of recession, criminals will always be one step ahead. Point security solutions don't necessarily help, but ensuring the integrity of core systems and ensuring a full independent audit trail is essential to help combat the ever increasing likelihood of successful intrusion. ]]> Does two factor authentication under 8.3 apply to my head office network too? http://securitim.com/vanilla/comments.php?DiscussionID=8&page=does-two-factor-authentication-under-83-apply-to-my-head-office-network-too http://securitim.com/vanilla/comments.php?DiscussionID=8&page=does-two-factor-authentication-under-83-apply-to-my-head-office-network-too Sun, 22 Feb 2009 12:34:40 +0000 FAQ What's the difference between application (6.6) and penetration (11.3) testing? http://securitim.com/vanilla/comments.php?DiscussionID=9&page=whats-the-difference-between-application-66-and-penetration-113-testing http://securitim.com/vanilla/comments.php?DiscussionID=9&page=whats-the-difference-between-application-66-and-penetration-113-testing Sun, 22 Feb 2009 12:36:43 +0000 FAQ