Last year, 92 million people bought things online using credit cards, debit cards and services like PayPal and Google Checkout. Millions of others paid bills and wired money electronically from bank accounts with just a few clicks.
Despite the apparent popularity of all these services, they still cause nagging anxiety for many of us.
We wonder, how secure are these payment systems? Will I be out the money if someone steals my account numbers and goes on a wild shopping spree or bleeds my savings dry?
Deciding which online payment method to use would seem to be a simple matter of picking whichever offers higher security. But the wise consumer also weighs the legal protections in the case of theft: the best security and the lowest liability don’t necessarily go together.
Here’s the lowdown on the risks associated with the most popular ways to pay online:
This guide to compensating controls is excerpted from chapter 12 of PCI Compliance by Dr. Anton Chuvakin and Branden Williams (Syngress, 2009). For a full sample chapter, see http://www.pcicompliancebook.info/
Information in this chapter:
* What is a Compensating Control?
* Where are Compensating Controls in PCI DSS?
* What a Compensating Control Is Not
* Funny Controls You Didn’t Design
* How to Create a Good Compensating Control
Few payment security professionals can find a hotter PCI DSS topic than compensating controls. They always look like a mythical accelerator to compliance, used to push PCI compliance initiatives through to completion at minimal cost to your company with little or no effort.
Compensating controls are challenging. They often require a risk-based approach that can vary greatly from one Qualified Security Assessor (QSA) to another. There is no guarantee a compensating control that works today will work one year from now, and the evolution of the standard itself could render a previous control invalid.
The goal of this chapter is to paint a compensating control mural. After reading this chapter, you should know how to create a compensating control, what situations may or may not be appropriate for compensating controls, and what land mines you must avoid as you lean on these controls to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS).
RSA 2010 EXCLUSIVE PCI Security Standards Council Interview
At RSA 2010, I was given a unique opportunity to interview Bob Russo, GM at PCI SSC, and Troy Leach, CTO at PCI SSC. I prepared a deck of very tough questions and then had an hour-long discussion with Bob and Troy around those questions. What follows is the interview reconstruction from my notes with minimum edits and clarifications by the Council folks.
Achieving compliance with PCI DSS encryption requirements is no easy feat. However, tokenization, a growing technology that enables a token to replace a credit card number in an electronic transaction, is emerging as a useful, complementary strategy for saving time, money and turmoil during your PCI DSS compliance processes.
This mini learning guide offers a brief introduction to tokenization technology, as well as PCI DSS encryption requirements. Learn more about the future of tokenization and how the technology may help to ease PCI DSS compliance burdens.
Thieves are accessing personal financial information using the old-fashioned smash-and-grab method, but what they’re grabbing are point-of-sale terminals, not merchandise.
CBC-TV’s Marketplace has learned that many retailers are not helping the situation because they leave valuable information on the terminals where customers swipe their debit and credit cards when paying for purchases instead of wiping the data each night as they’re supposed to.
It’s the equivalent of leaving the store vault open and full of cash, except the cash is credit and debit card data, said RCMP Det. John Koppes of Abbotsford, B.C., who is the Mounties’ computer crime specialist.
Watch “Who’s Minding the Store” on Marketplace, Friday at 8:30 p.m. ET, 9 p.m. in Newfoundland and Labrador.
“In the old days, they’d go with a gun, and they would try to get into the bank vault,” said Koppes. “The criminals now know that the open bank vault per se can be the point-of-sale terminals sitting on a counter top or in a store.”
Credit cards have become so popular as a means of payment that almost every merchant accepts them. Because of that popularity, many banks issue credit cards of their own, and most credit cards today use either Visa or MasterCard. However, even though there are various credit cards to be found these days, all of them work in the same way.
To start a payment by credit card, the merchant first calculates the total for the items the buyer is purchasing. Then, after receiving the credit card from the buyer, the merchant swipes the card by passing it through the slot of a point-of-sale unit designed for credit cards. At this point, the total amount to charge to the card must be determined.
There are usually two ways of determining this total amount. The first is for the merchant to enter the amount manually by typing it into the point-of-sale machine. The second is to transmit the amount digitally from the cash register. Either way usually works just fine, since both serve the same purpose.
After this step has been completed, the merchant sends the transaction and credit card details to the acquiring bank. This bank then forwards the information to the issuing bank of the card. The issuing bank checks whether or not there are sufficient funds for payment. If not, the transaction is rejected. Otherwise, the issuing bank generates and sends back the authorization code so that payment can be made. Then, the acquiring bank forwards the authorization code to the merchant’s point-of-sale machine.
After all the above steps have been completed, a proof of purchase by credit card is printed. The payment process is then complete.
Because the point of sale is the last interaction a customer has in the store, it is vital to make a good impression. A cluttered, inefficient space can leave a customer feeling crowded, as well as increase security concerns. Solutions like a mounted pole allow for maximum efficiency and better use of space. When placing a POS system, it’s important to consider:
* Customer convenience
* Brand image
Are you paying too much to validate your PCI compliance? It’s possible, even likely, that you are. The reason is not that your QSA is too expensive or that PCI is too demanding. Rather, the reason many merchants pay too much is that they forget PCI Requirement 0. You don’t know Requirement 0? It says: Minimize Your PCI Scope. Failing to comply with Requirement 0 may be due to inertia or ignorance or both. Regardless of the reason, the result is excessive and unnecessary spending on people, process and technology, together with a lot of frustration.
For the most part, restaurant owners lease their property, at least when starting out and often permanently. As such, negotiating a lease can be a stressful experience. To reduce some of that stress, we’ve put together the following Ten Keys To Negotiating Your Restaurant Lease.