New PCI Software-Based PIN Entry on COTS Standard

The PCI SSC has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices, such as smartphones and tablets. The PCI Software-Based PIN Entry (SPoC) Standard provides a software-based approach for protecting PIN entry on the wide variety of COTS devices in the market today. The security requirements are for solution providers to use in developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP). Here we talk with PCI SSC Chief Technology Officer Troy Leach about the new standard, what makes it different from other PCI PIN Standards, and how it’s designed to secure payment data.


PCI P2PE Validated Solutions – The Ultimate Defense Against Payment Card Data Breaches

Over the past few years, massive data breaches have frequently dominated the national headlines. Nearly every industry has been adversely impacted by malicious hackers. If your personal information was stolen from your doctor’s office, favorite retailer, or credit reporting agency, would you continue to trust them with your payment card data?  


VIDEO: Industry Expert on Payment Security & PCI

Payments security is top of mind for most merchants in the U.S. But what’s new? What should merchants be aware of about payment security? What do merchants need to know about PCI and their latest security standards? We caught up with Dr. Robert Martin, Chief Technology Officer at Ingenico Group, to shed some light on payment-security-related issues that all merchants should know about, including new PCI requirements.


What do new PCI DSS SAQ changes mean?

This is a guest post from the PCI Security Standards Council. It was originally published on the PCI Perspectives Blog as an interview with PCI SSC Senior Director of Data Security Standards, Emma Sutcliffe.

Self-Assessment Questionnaires (SAQ) are forms used by eligible organizations to report the results of a PCI Data Security Standard (PCI DSS) self-assessment. Earlier this year, the PCI Security Standards Council (PCI SSC) issued revised SAQs for use with PCI DSS version 3.2. In this Q&A with PCI SSC Senior Director of Data Security Standards Emma Sutcliffe, we look at what merchants need to know about new updates to the SAQs.


How Healthcare Providers Can Reduce PCI Scope with Semi-Integrated Payments

Data breaches have plagued the U.S. market for a long time. Within the healthcare industry, providers are the worst affected. According to the HIPAA Journal, 329 data breaches were reported in 2016, in which over 16 million records were exposed. Based on IBM’s Cost of Data Breach Study, healthcare organizations have an average cost of $355 per stolen record. That would put the total cost of 2016’s data breaches at a staggering $5.6 billion. Apart from compromising healthcare records, these data breaches can also involve a provider’s payment infrastructure. If these systems are not secure, sensitive payment data can also be stolen, which inevitably leads to fraud.
