The latest edition of the ISMG Security Report offers an in-depth analysis of how to prevent data exposure in the cloud. Plus: why PCI's new contactless payment standard lacks PINs, and how to go beyond the hype to accurately define "zero trust."
Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.
A closely held type of point-of-sale malware, DMSniff, is spreading further while another, GlitchPOS, has also emerged. Despite a surfeit of stolen payment card details on the black market, efforts to steal more continue, highlighting the continuing challenges around card security.
Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. The retailer will pay $1.5 million and must use encryption and tokenization to protect card data.
The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and affected individuals of a breach as required by the HIPAA Breach Notification Rule.
As new payment options continue to emerge via mobile phones and internet of things devices, the PCI Security Standards Council is broadening its security efforts, starting with a new standard for contactless payments coming early next year, says Troy Leach, PCI SSC's chief technology officer.
As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.
New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions. But are they ready?
As payment card fraud schemes continue to evolve, the PCI Security Standards Council has to recalibrate its standards and programs, says Troy Leach, the council's CTO, who describes three key updates.
Security experts analyze the potential impact of recently announced changes to the PCI Security Standards Council's Qualified Integrators and Resellers Program that are designed to help smaller merchants prevent breaches.
The PCI Security Standards Council is offering 40 percent lower fees for participating organizations in nations with lower-income economies. "We want to encourage countries in Africa and South Asia to get engaged with us," Jeremy King, international director at PCI SSC, tells ISMG in an exclusive interview.
A one-off approach to PCI DSS compliance often results in increased risk factors by creating discrepancies in security levels between environments within the shared network. Such an approach can be overcome by focusing on a central governance, risk, and compliance program designed to manage your organization's own...
The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
Global hotel chain Hilton has reached a $700,000 settlement agreement with New York and Vermont over two separate data breaches discovered in 2015 that exposed more than 360,000 payment card numbers.
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
