Tag Archives: PCI DSS

January 15 webinar: Managing Cardholder Data Security Risks in an Evolving Payments Landscape

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry
Please join us from 2-3:30 pm ET on January 15 for a webinar that will provide a look back on significant payment card security events that occurred in 2013 and the security, risk mitigation, and customer relations lessons that can be learned from them. We will also discuss what the continuing and emerging threats may … Continue Reading

Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry, Privacy Class Actions
Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system.  Global Payments later disclosed that Track 2 data (card number, expiration date, verification code but not cardholder name or address) of 1.5 million cardholders were taken.  Three individuals brought a … Continue Reading

Do Merchants That Outsource Payment Processing Still Have Risk From a Breach?

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Data Breaches, Payment Card Industry
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk.  The bakery’s letter to its customers stressed that it did not store card data on its computer systems, but the malware allowed an unauthorized person to gather card data as … Continue Reading

Verizon PCI Report Shows Companies Still Struggle with Compliance

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry
Verizon recently released its 2011 Payment Card Industry Compliance report, a companion report to its annual Data Breach Investigations report that we discussed here.  The PCI compliance report presents findings based on Verizon’s work as a Qualified Security Assessor (QSA) (a QSA conducts an annual audit to determine if a company is in compliance with … Continue Reading

PCI Security Council Releases Standards Guidance for Virtual Environments

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Cloud Computing, Payment Card Industry
Over half of the companies surveyed by Trend Micro in May 2011 reported having cloud computing services being developed, implemented, or already in production.  The survey also reports that security concerns continue to be a primary reason companies are holding back their adoption of cloud computing.  The security concerns related to virtual environments are heightened … Continue Reading

Restaurant Group Pays $110,000 to Settle Lawsuit Alleging a Failure to Secure Payment Card Data

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry
In a February co-post with Baker Hostetler’s Hospitality Lawg, we wrote about security breach reports that continued to show hospitality and restaurant groups as favorite targets of hackers.  Two of the factors we cited as explanations for their vulnerability—failure to secure wireless networks and not complying with the Payment Card Industry Data Security Standard (PCI … Continue Reading

Hospitality and Food and Beverage Industries Still Targets of Hackers

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Data Breaches, Information Security, Payment Card Industry
This entry was also posted on the Hospitality Lawg—a Baker Hostetler blog featuring commentary on hospitality law, news, and developments.  It should no longer come as a surprise that the hospitality and food and beverage industries are favorite targets of hackers.  Indeed, some commentators have suggested that hackers view these industries as the low-hanging fruit.  … Continue Reading

PCI DSS Compliance–“A Necessary and Worthwhile Investment”

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry
Cisco released a white paper on January 12, 2011, which reported that results from its survey of 500 IT decision makers show that PCI DSS compliance is no longer viewed as overly expensive and burdensome.  Instead, the survey revealed “one overwhelming message: Organizations of all types view PCI compliance as a necessary and worthwhile investment.”  … Continue Reading
LexBlog