Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, May 15, 2006

Credit card security rules to get update

The update to the Payment Card Industry (PCI) Data Security Standard, due this summer, responds to evolving attacks as well as to challenges some businesses have with the encryption of consumer data, Tom Maxwell, director of e-Business and Emerging Technologies at MasterCard International, said.  The proposed update includes a requirement to, by mid-2008, scan payment software for vulnerabilities, Maxwell said in a presentation at a security conference hosted by vulnerability management specialist Qualys.  The new version of PCI will offer merchants more alternatives to encryption as a way to secure consumer data.

“Today, the requirement is to make all information unreadable wherever it is stored,” Maxwell said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said.

The challenge with encryption is that older payment systems were not built to support the scrambling technology, said Qualys CEO Philippe Courtot.

http://news.com.com/Credit+card+security+rules+to+get+update/2100-1029_3-6072594.html?tag=nefd.top

Posted on 05/15
FinancialPermalink