It’s crucial that any company handling consumer cardholder information, including card numbers, protect that information from any and every unauthorized user. The PCI Security Standards Council has determined that to promote security and usability, it’s not enough to secure a system perimeter and encrypt data. Instead, companies have to approach data obfuscation through a series of requirements that protect it from theft while allowing the company to utilize it for regular commercial purposes. 

Here, we’ll discuss Primary Account Numbers (PAN) and how you must protect them under PCI DSS.

Read More

Part of managing system compliance is ensuring that each system meets a minimum standard. Beyond this relatively straightforward component of the process, almost every compliance process includes other ongoing tasks, including risk assessment and configuration management. 

What is configuration management, exactly? These compliance frameworks will often refer to it, but implementing a management policy is entirely different. 

Read More

The public and private sectors have been increasingly under assault by hackers looking to take information–whether for espionage, blackmail, or profit. And while some of the past few years’ high-profile government and industrial attacks have been at the center of many cybersecurity stories, the reality is that hacks in the retail and consumer spaces have been incredibly impactful.

In fact, some of the largest data breaches have been due, in part, to a lack of compliance with PCI DSS standards… and this presents a major challenge for merchants and payment processors who want to protect their customers’ information. 

Here, we’ll cover three major security breaches related to PCI DSS compliance and what you can learn from them.

Read More