Tag Archives: PCI

Following its Settlement with Wyndham, the FTC Launches Wide Scale Inquiry Into PCI Compliance Audits

In December 2015, the Federal Trade Commission (FTC) settled a drawn-out civil action it brought against Wyndham Worldwide Corporation (Wyndham) for multiple data breaches involving cardholder data (i.e., information on credit and debit cards). In a departure from dozens of prior FTC settlements that mandated broad security measures for all consumer data, the Wyndham consent … Continue Reading

PCI Security Standards Council Announces Revisions to the use of SSL

The Payment Card Industry (PCI) Security Standards Council has released a bulletin on impending revisions to version 3.0 of the Payment Application Data Security Standard (PA-DSS) and version 3.0 of the PCI Data Security Standard (PCI-DSS), which we reported on in January 2014. To ensure the continued protection of consumers’ payment data, the PCI Security Standards Council … Continue Reading

PCI Seeks to Help Organisations Educate Staff on Information Security with New Guidance

In October, the Payment Card Industry (“PCI”) Security Standards Council published the Best Practices for Implementing a Security Awareness Program Information Supplement (“Supplement”) to help organisations educate their employees on the importance of protecting, the care in handling, and the risks of mishandling sensitive information. The PCI Special Interest Group (“PCI SIG”) developed the Supplement … Continue Reading

PCI Addresses Payment Security Risks with New Guidance

In August, the Payment Card Industry (“PCI”) Security Standards Council published the Third Party Security Assurance Information Supplement (“Supplement”) to help organisations reduce their risk by better understanding their respective roles in securing card data. The Supplement was developed by the PCI Special Interest Group (“PCI SIG”) consisting of merchants, banks and third-party service providers, … Continue Reading

Setting Higher Standards for Payment Card Data Security

To enhance security standards to protect customer payment data in the context of increasing e-commerce, the Payment Card Industry (PCI) Security Standards Council has announced it has released version 3.0 of the Payment Application Data Security Standard (PA-DSS) and version 3.0 of the PCI Data Security Standard (PCI-DSS), which will become effective from 1 January 2014. The … Continue Reading

Eye on PCI-DSS Call Center Compliance

This post was written by John Hines and Amy Mushahwar. Are you recording credit card magnetic stripe data, CAV2, CVC2, CID, CVV2 or PIN data? Many businesses record telephone calls for a number of purposes including regulatory compliance and customer service monitoring. For those companies that also take credit card payment information over the phone, … Continue Reading