Who’s responsible for what? Data flow dynamic of payment card security

by Sarah Harvey / December 16, 2022

Last month, the Electronic Transactions Association (ETA), a global association that represents those in the payments space, announced a partnership with the PCI Security Standards Council (PCI SSC). This partnership brought the two together at TRANSACT 15, ETA’s annual conference, to present the industry with the most recent PCI DSS updates as well as focus the payments community on data breach prevention and payments…

PCI Readiness Series: PCI Requirements 1 and 2

by KirkpatrickPrice / April 12, 2023

Are you a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data? If so, this is a great place to be introduced to the PCI DSS. The PCI Security Standards Council is a third-party organization that was developed for the sole purpose of managing the security of cardholder data. Prior to the PCI Security Standards Council, each payment card brand managed their own security standards. Eventually, the payment…

5 Deadly Compliance Mistakes

by Sarah Harvey / December 16, 2022

1. Compliant ≠ Secure: One of the most troubling mindsets within an organization is “I’m compliant, ergo I’m secure.” While compliance may be a good place to begin your “quest for security,” unless you look at your environment from a risk-based approach, and manage your environment based on the results of your risk analysis, you may be unpleasantly surprised when an outsider exploits a vulnerability found in your infrastructure. Simply…

Life’s a Breach: 6 Steps of Incident Response

by Sarah Harvey / June 14, 2023

Cyberattacks and data breaches are things all business owners have learned to accept as a possibility. Breaches and hacks penetrate the headlines almost daily, and as technology continues to evolve, so do the ever-present threats associated with these types of risks. There are two sides to every breach, however: prevention and recovery. You’re most likely already taking steps towards protecting your organization from the possibility of a breach, but have…

Preparing for the CFPB: Vendor Compliance Management

by Sarah Harvey / June 13, 2023

According to CFPB Bulletin 2012-3, companies must “oversee” their vendors “in a manner that ensures compliance with Federal consumer financial law…The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.” An effective risk management strategy includes the assessment and monitoring of vendor compliance, in accordance with your company’s formally written policies and procedures. Today’s compliance program certainly involves an ongoing struggle in organizing vendor…