RSI Security

Rethinking Your Cybersecurity

Category: Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

  • What is PCI P2PE?

    What is PCI P2PE?

    Need for Payment Cardholder Data Protection

    There have been 2,216 confirmed data breaches in 2018. 76% of breaches were financially motivated. Cybercriminals are increasingly becoming more sophisticated. Data breach preparedness among the companies are at an alltime high. 324 data breaches involved stealing credit card data at the Point of Sale (POS) where card-present retail transactions are conducted. 414 credit card data breaches involved targeting payment web applications.

    There’s one common security vulnerability leading to these payment cardholder data breaches at the POS and within web applications: Lack of payment cardholder data encryption.

    PCI Point to Point Data Encryption (P2PE) to the rescue!

    (more…)

  • Navigating PCI DSS and the Cloud

    Navigating PCI DSS and the Cloud

    Cloud computing is an important resource for organizations of any size and has seen increasing use in recent years for payment processing. Despite the prevalence of moving cyberinfrastructure to a cloud environment, many organizations fail to properly assess how if and how they will be able to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) when their cardholder data environment (CDE) exists entirely in the cloud. Understanding how to maintain PCI DSS compliance when utilizing cloud services is essential for the numerous modern organizations that rely on the scale and convenience that cloud services provide.

    In this article, we’ll break down some important considerations for organizations that are looking to maintain pci compliance storing credit card data in the cloud. In order to provide some context, we’ll outline what is cloud computing, what some of the advantages of cloud computing are, and explore some of the challenges of meeting the requirements of pci dss regulations when your CDE has either partially or fully cloud-based services.

    (more…)

  • What is a Token Service Provider?

    What is a Token Service Provider?

    When it comes to ensuring that only authorized personnel are allowed into systems remotely, one of the best ways is to use a token. When it comes to keeping Credit Card Holder Data protected, one of the best solutions is tokenization. Many options exist for token use as well as for tokenization. We will discuss the basics of tokens, tokenization, and token service providers (TSPs) below.

    (more…)

  • Upcoming PCI Programs And Changes

    Upcoming PCI Programs And Changes

    The Payment Card Industry Security Standards Council (PCI SSC) releases regular updates to existing programs and creates new programs on an ongoing basis as security needs change. Staying abreast of the changes to PCI programs is essential to maintaining PCI compliance over time. Understanding what new programs are being created and how those programs might affect your operations is also important, as the creation of new PCI programs can impact security implementations in a variety of ways.

    (more…)

  • California’s New Cybersecurity Regulations: Internet Of Things Law

    California’s New Cybersecurity Regulations: Internet Of Things Law

    What do smart fridges, helpful robots, and Amazon’s Alexa all have in common? — the Internet of Things (IoT). Even if you aren’t already well acquainted with the IoT, you have most likely heard it in passing. The IoT’s elusive and ever-changing manner makes the concept difficult to define. Likewise, many cyber experts explain it in a different way, a fact that slows legislation regarding IoT security. Yet, with Gartner Inc. estimating society will utilize 20.4 billion connected devices by 2020, it’s imperative that IoT security awareness increases. Did you know that California just passed an Internet of Things legislation to improve cybersecurity? Find out more with this helpful article.

    (more…)

  • Protecting Telephone-Based Payment Card Data

    Protecting Telephone-Based Payment Card Data

    Protecting payment card data is essential in all environments, including when card data is taken over the telephone. Areas of organizations that interact with sensitive data in a telephone-based environment are particularly susceptible to fraud or theft of cardholder data. As such, protecting telephone-based payment card data is essential for all businesses that conduct transactions over the phone.

    (more…)

  • What Is PAN Data And Why Is It Important?

    What Is PAN Data And Why Is It Important?

    The act of storing primary account numbers (PANs) has already had a profound effect on network security for a plethora of organizations.  Massive data breaches have ensued over the years based on companies choosing to store PANs on their servers for ease of access.

    Many companies who have been inflicted by a data breach use this excuse of consumer convenience in their choice to store PAN data on their network.  These companies who use this excuse also are not Payment Card Industry Data Security Standard (PCI DSS) compliant as the PCI DSS requires that merchants never store track data, for any reason.  

    (more…)

  • How To Choose The Right Approved Scanning Vendor For Your Company

    How To Choose The Right Approved Scanning Vendor For Your Company

    Making the choice for an approved scanning vendor (ASV) is an important consideration for organizations looking to achieve or maintain compliance with the Payment Card Industry (PCI) requirements. The requirements set forth in the PCI Data Security Standards (PCI DSS) are intended to provide end-to-end security for cardholder data. A central component of the PCI DSS is the requirement for entities covered by the PCI DSS to have regular external scans of their networks and systems. As such, PCI approved scanning vendors occupy a central role in ensuring that organizations covered by PCI DSS achieve and maintain compliance advisory services with these requirements over time.

    (more…)

  • What are the PCI ASV Scanning Requirements?

    What are the PCI ASV Scanning Requirements?

    The process of understanding the entirety of what Payment Card Industry Data Security Standards (PCI DSS) covers is an extremely daunting task for business decision makers.  An increasingly important aspect of Payment Card Industry (PCI) compliance has become maintaining compliance with the Approved Scanning Vendor (ASV) requirements notated within PCI DSS.  One of the notable requirements that entities must adhere to are those that cover ASV Scans. These vulnerability scans are quite complex in nature and require many man hours of preparation on the vendor and company side to ensure proper consumer payment card protection in the organization’s cardholder environment.

    (more…)

  • ASV Scanning Responsibilities

    ASV Scanning Responsibilities

    You have determined that you need vulnerability scanning from an approved scanning vendor (ASV), probably because you need to maintain or establish PCI compliance. Most businesses require at least quarterly scanning. You have done your research and selected a vendor, verified they are approved on the PCI website and are ready to get started. There are several parties involved in this process from the Card Brands to the merchant and the ASV. We will discuss the responsibilities of each.

    (more…)