Tag Archives: breach

PCI Brand Marked with a Coward’s Shame?

security curmudgeon, from attrition.org, has several good questions about the whole Heartland-Visa-PCI incident, such as:

  • According to Visa, was Heartland PCI compliant or not prior to the breach? And why has the answer changed?

Continue reading



Filed under Audit, Security, Written by Skyyler

HIPAA Changes Coming 2/2010

The American Recovery and Reinvestment Act includes changes to HIPAA, including:

  • Much higher civil penalties for violations.
  • Covered entities must disclose security breaches when client data is exposed.
  • Business associates will be subject to the same civil and criminal penalties as covered entities.

The changes are not effective until February 2010.

David Mortman of Searchsecurity.com provides an overview of the changes here.

For a more comprehensive list of changes, see Thomson Hine (PDF).


Filed under Audit, Security

Attackers Don’t Help Companies, PCI Does

Is PCI still relevant? Some are proclaiming that PCI is irrelevant due to the recent, high-profile breaches. David Mortman disagrees, and I’m on his side.

Continue reading


Filed under Audit, Security

Visa Yanks PCI Compliance of Processors

Dan Goodin reports that RBS WorldPay and Heartland Payment Systems are no longer considered Payment Card Industry (PCI) compliant by Visa. Both payment processors suffered breaches recently.

Gartner analyst Avivah Litan, who tracks payment card security, told The Register: “Retailers and other companies are not allowed to do business with processors that are not PCI compliant so this puts all of Heartland’s customers and all of RBS’s customers out of compliance. It’s nebulous, as most of PCI enforcement is.”

If you’re PCI compliant, it’s a good time to remind management that compliance isn’t the end of the road. A passing assessment shows that the controls the standard requires were in place at the time of the assessment; it does not mean your security is ironclad, and Heartland is the reminder that a compliant processor can still be breached. Treat compliance as the first steps forward, not the finish line. Don’t rest.

More on the PCI Data Security Standard.


Filed under Security