Do Merchants That Outsource Payment Processing Still Have Risk From a Breach?

By Craig A. Hoffman on February 11, 2013 Posted in Data Breaches, Payment Card Industry

Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk. The bakery’s letter to its customers stressed that it did not store card data on its computer systems, but the malware allowed an unauthorized person to gather card data as … Continue Reading

Verizon PCI Report Shows Companies Still Struggle with Compliance

By Craig A. Hoffman on October 8, 2011 Posted in Payment Card Industry

Verizon recently released its 2011 Payment Card Industry Compliance report, a companion report to its annual Data Breach Investigations report that we discussed here. The PCI compliance report presents findings based on Verizon’s work as a Qualified Security Assessor (QSA) (a QSA conducts an annual audit to determine if a company is in compliance with … Continue Reading

PCI DSS Compliance–“A Necessary and Worthwhile Investment”

By Craig A. Hoffman on January 27, 2011 Posted in Payment Card Industry

Cisco released a white paper on January 12, 2011, which reported that results from its survey of 500 IT decision makers show that PCI DSS compliance is no longer viewed as overly expensive and burdensome. Instead, the survey revealed “one overwhelming message: Organizations of all types view PCI compliance as a necessary and worthwhile investment.” … Continue Reading