Posts Categorized: PCI

Level 2 Merchants Required to Have On-Site Assessment by QSA

On June 15, 2009 MasterCard International introduced several changes to their Site Data Protection (SDP) program.  Among these changes was a new requirement for Level 2 Merchants to undergo an on-site assessment by a Qualified Security Assessor in order to validate their PCI DSS compliance.  The initial deadline for these validations is December 31, 2010.

Understanding PCI Levels and Types

Any merchant who accepts credit cards and has a merchant account must validate compliance. It does not matter if you use a 3rd party processor or if you outsource all of your credit card processing. It’s the ownership of the merchant account that defines if you must validate compliance. The only to avoid PCI compliance… Read more »

Batteries.com Credit Card Data Stolen

Yet another data breach involving theft of credit card data has been announced. On March 13th, Batteries.com received notice from a customer about potential unauthorized activity on their credit card. They later discovered the Batteries.com network had been breached from around February 25, 2009 to April 9, 2009. The breach involved theft of names, addresses,… Read more »

Credit Card Data Stolen and Distributed in a Dilebarate Attack

In an ongoing saga, one of the most popular web hosting message boards www.webhostingtalk.com has been dealt another serious blow to it’s security.  Late last month, Webhostingtalk was hacked in a deliberate, sophisticated and calculated manner. The attacker was able to circumvent their security measures and access via a backdoor protected by a firewall to… Read more »

PCI Compliance and Receiving Credit Card Payments by Fax

The low cost of web and email based fax delivery services may seem like a good way to save your business money but not if you receive credit card payments by fax. This would fall under the Payment Card Industry standard section 4 that requires transmission of cardholder data across open-public networks to be encrypted… Read more »

PCI Data Security Standard version 1.2 now active.

As of October 1, 2008 the PCI Data Security Standard version 1.2 became active. There are a number of changes to PCI DSS since version 1.1. Version 1.2 removes much of the ambiguity from earlier versions and provides additional details on items such as the use wireless devices.