PCI

New PCI Guidance on Simplifying Network Segmentation

The PCI Security Standards Council has released new guidance that is designed to help organizations simplify network segmentation, a practice the council strongly recommends to help protect payment card data.
 
"This guidance we've had in some shape or form for many years, but [the new release] makes it easier to understand," Troy Leach, CTO of the PCI Council, says in an in-depth interview with Information Security Media Group.
 

PCI Data Security Standard 3.2

The Payment Card Industry Security Standards Council (PCI SSC) has published a new version of the industry standard that businesses use to safeguard payment data before, during, and after purchase.  PCI Data Security Standard (PCI DSS) 3.2 replaces 3.1 to address growing threats to customer payment information. Companies that accept, process or receive payments should adopt it as soon as possible to prevent, detect and respond to cyberattacks that can lead to breaches. 

What is the Difference Between EMV and PCI Compliance?

Due to the timing of the upcoming liability shift to EMV on October 1, 2015, and the new PCI requirements that went into effect on July 1, 2015, you may be wondering what the difference is between the two.   
 
Both EMV and PCI Compliance are guidelines for protecting cardholder data for the purpose of reducing fraud, but they focus on different elements of the credit card transaction.
 

PCI: 5 New Security Requirements

The five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, 2015. Smaller merchants are most likely to be affected. The new requirements relate to point-of-sale vulnerabilities that have been linked to activities at small and mid-sized businesses.
 
The best practices, which were included when PCI-DSS version 3.0 was released in November 2013, are as follows:
 