Category Archives: PCI DSS

PCI DSS v3.0: FAQs and Security Basics

17 Monday Feb 2014

Posted by in File Integrity Management, PCI DSS

2 Comments

Tags

, , , , , ,

InformationProtectionPCI DSS recently implemented a new and improved guideline for compliance. However, many business owners are still in the dark in regards to PCI DSS as a whole.  Here is a quick refresher covering some of the basics about the policy and how it works.

PCI DSS—The Basics

What does PCI DSS stand for?

PCI DSS stands for Payment Card Industry Data Security Standard.  PCI DSS functions to protect the consumer’s sensitive data particularly during POS, ATM, and all credit/debit card transactions.

What year was PCI DSS first implemented?

On December 15, 2004, the Payment Card Industry Security Standards Council (PCI SSC) was formed to lay down the guidelines for a policy. The original version was put in place in September of 2006.

Continue reading

The Happy Hacker: Top 5 X-Mas Gifts for the Cyber Criminal

23 Monday Dec 2013

Posted by in cyberattack, PCI DSS

3 Comments

Tags

, , , , , , , , , , , , , , , , , , , , , , ,

Hackers don't deserve presents.

Hackers aren’t your friends. Don’t give them gifts.

Christmas is nearly upon us once again.  And just like every year, there are certain items this holiday season that everyone must have.

For many, it is the Xbox One, or PlayStation 4.  Or perhaps a shiny new HD television is tops on your list.

But what does the professional computer hacker hope to find under his/her proverbial tree?

Hackers are human beings too; besides, even those employed in the most nefarious of professions are going to want some sweet new gifts—just like the rest of us.

Here’s a look at some top gifts sure to be high on all hackers’ lists this Christmas.

5.  Credit Card Skimmer

Not all hackers like to work from home. The skimmer first came in to prominence when a waitress used one to swipe customers’ credit card information.  You are in danger anytime your card leaves your hand and is out of sight (or anytime you are shopping at Target.)

4. Your Password

Continue reading

Is your End-of-Life (EOL) Operating System (OS) Non-code Compliant?

02 Monday Sep 2013

Posted by in File Integrity Management, PCI DSS

2 Comments

Tags

, , , , , , ,

Don't let your antiquated OS keep you from PCI DSS compliance.

Don’t let your antiquated OS keep you from PCI DSS compliance.

As it turns out, you can learn a lot about the tech-industry from your non tech-savvy parents.  It’s true.

Recently I had a debate with my Dad—who fits firmly into the recently-retired-baby-boomer demographic—about his incessant use of the uber-outdated Windows XP OS.

My key argument—the shear speed or lack thereof—wasn’t making much of a dent in my Father’s philosophy.  I suppose for the pink-socks-and-jorts clad clan, speed is not a top priority.

However, once I hit upon the news that End-of-Life (EOL) operating systems (OS) were nearing not just extinction but code compliance issues—I now held the narrative to get Dad back to the 21st Century.

PCI DSS Code Compliance

Many businesses feel that being PCI DSS compliant means only having the right FIM in place to protect their clients’ data that is stored via a POS. Whereas this is a huge part of compliance, it is overlooking some other key areas where breaches might be imminent.

Continue reading

The POS: Modern Day Convenience and Hacker’s Paradise

10 Monday Jun 2013

Posted by in PCI DSS, Point of Sales

2 Comments

Tags

, , , , , , ,

The POS has evolved from cash register into a data storage device.

The POS has evolved from cash register into a data storage device.

The most important key to understanding how to get your company up to compliance with PCI DSSv2.0 is to understand the role of the Point of Sales (POS) system.

If your company’s POS becomes compromised, you  risk putting your loyal customers’ personal data in the hands of crooks.

The History of POS

Point of Sales systems have been around since the late 19th Century. The early incarnations were little more than basic cash registers until the 1970s, when registers became computer-driven.

• 1879 — While on a steamboat trip to Europe, James Ritty became fascinated by a device that kept track of the boat’s propeller revolutions.

Once back from his trip, he set out with his brother, John, to create a similar device that could be used to record cash transactions at his Dayton, Ohio saloon. Patented as “Ritty’s Incorruptible Cashier,” the first POS was born.

•  1970s — This decade saw the rise of computer-driven cash registers. Essentially, these were mainframe computers that monitored a set of chosen registers.

Pages: 1 2

PCI Forensic Investigator (PFI)—What do they do?

30 Thursday May 2013

Posted by in PCI DSS, PCI Forensic Investigator (PFI)

2 Comments

Tags

, , , , , , , , , , , , , ,

EzFIM pic copy

The PFI is similar to a television detective.

In the wonderful world of television, a popular genre is the police procedural. From the old school cop shows such as NYPD Blue and Hill Street Blues to more recent shows such as CSI: Miami and Castle, they all feature an engaging plot line centered around the resolution of a mystery through a systematic approach—plus cool car chases and hyper-attractive heroes.

Much like the hotshot detective or forensic crime scene specialist, in the real world of Internet Security, the Payment Card Industry (PCI) has their very own sleuth: The PCI Forensic Investigator (PFI).

What is a PFI?

First, all PFI Investigators must be approved by the PCI DSS, and any legal entity, organization or company that seeks to become a PFI, must be a qualified Quality Security Assessor before becoming one.

Once approved, the PFI Investigator’s central focus is dealing with credit card breaches.  Once a security breach is recognized, the PFI begins an on-site investigation to better understand how the breach occurred.

Pages: 1 2

The Role of the Quality Security Assessor (QSA)

22 Wednesday May 2013

Posted by in File Integrity Management, PCI DSS, Quality Security Assessor (QSA)

Leave a comment

Tags

, , , , ,

When you deposit money into your bank, you can rest assured that it is safe.  Even if your bank is robbed, the Federal Deposit Insurance Corporation (FDIC) protects your account through deposit insurance worth up to $250,000 of each account holder’s investment.

The QSA's ultimate goal is to ensure your client's stored information is locked up safely.

The QSA’s ultimate goal is to ensure your client’s stored information is locked up safely.

Created by the Banking Act of 1933, the FDIC was put in place to protect the consumer’s investments. Essentially, it is an additional layer of protection; insurance should even the thickest of safes become compromised.

Protection beyond physical means was the impetus for the Payment Card Industry’s creation of the Data Security Standard.

The Danger of POS

Much like late nineteenth century banks were easy prey for bank robbers, point-of-sales (POS) machines have become a hacker’s favorite tool for theft.

Pages: 1 2

No Need to Distress over PCI DSS

17 Friday May 2013

Posted by in File Integrity Management, PCI DSS, Quality Security Assessor (QSA)

3 Comments

Tags

, , , , , , ,

It wasn’t too long ago that I had no idea what the abbreviation “BRB” meant. By the time I figured it out, the person that I was texting with had long returned from whatever they were doing. Text messaging, like Facebook, has now segued into everyday life, and you certainly do not have to be too “tech savvy” to join in—here’s looking at you, Mom!

EzFIM - File Integrity Management so simple it's Ez!

EzFIM – File Integrity Management so simple it’s Ez!

Picking up on the latest style of communication is similar to learning a new language. And this is nothing to “LOL” about.

At EzFIM we know that technical jargon about code compliance is difficult to grasp.  However, a firm understanding of the importance of PCI DSS compliance is crucial to learn about, and downright dangerous to do without.

What is PCI DSS?

Have you ever used your credit card to pay for something? I am sure you have. Well, your card was swiped into a Point-of-Sales (POS) machine.  It is difficult to visualize but that simple swipe of your card has transferred extremely sensitive information about you into a database.

Pages: 1 2

Understanding File Integrity Monitoring (FIM)

06 Monday May 2013

Posted by in File Integrity Management, PCI DSS, Quality Security Assessor (QSA)

7 Comments

Tags

, , , , , , , ,

Technology, and how we use it, is an ever-evolving, organic process. In fact, it makes Bob Dylan’s sage observation-The Times They Are a-Changin’-just as relevant now as it was forty-nine years ago.

EzFIM - File Integrity Management so simple it's Ez!

EzFIM – File Integrity Management so simple it’s Ez!

Times are changing, just as processes are evolving.

Google has become both a noun and a verb. A baseline understanding of abbreviations coupled with the ability to engage in condensed conversation—Twitter, anyone?—have become essential.

Just as computers have segued from novelty to necessity, so have methods of file management.

Pages: 1 2