RSI Security

Category: Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

  • How Do Cryptocurrency Exchange Providers Stay Protected Against Hackers?

    How Do Cryptocurrency Exchange Providers Stay Protected Against Hackers?

    Cryptocurrencies have been rocking the news headlines for the past few years due to their unprecedented rise in value that has seen people become millionaires from making small investments in them.  Although there has been news of people making loads of money from these investments, there have also been a plethora of stories pertaining to cryptocurrency exchange providers being breached by hackers.  

    The anonymous nature of transactions that some exchanges and cryptocurrency use have led hackers to hone in on these websites and steal billions of dollars in cryptocurrencies from miners and customers alike over the years.  Many of these hacks have led to the short and swift demise of these cryptocurrency exchange providers due to the sheer quantity of breached accounts and value of cryptocurrency that were been stolen.

    (more…)

  • Top 5 Security Breaches of Cryptocurrency Exchange Providers

    Top 5 Security Breaches of Cryptocurrency Exchange Providers

    Cryptocurrency is a constant source of media attention.  It’s new-ish, digital, and an insanely lucrative endeavor to get into.  This perfect storm of positives is the main reason why many people are making a ton of money from mining and selling off their cryptocurrencies.  But even with all the positives that investors can receive from their cryptocurrency efforts, hackers still pose a considerable threat to their sizable profits.  

    (more…)

  • Understanding the CryptoCurrency Security Standard (CCSS)

    Understanding the CryptoCurrency Security Standard (CCSS)

    Cryptocurrency has become wildly popular in the past few years.  Bitcoin was the predominant hot-button topic on every news channel and online publication in 2017 due to its meteoric climb to the point where a single Bitcoin fetched more than $10,000.  Current market figures for Bitcoin have since fallen to around $6,000/Bitcoin due to global market volatility, but the increased industry competition means that cryptocurrency isn’t going away anytime soon.  This means that companies such as Overstock, Expedia, Subway, PayPal, Shopify, and Microsoft that currently accept cryptocurrencies as a viable payment method must understand the cryptocurrency security standards (CCSS).  

    With over 1,800 cryptocurrency specifications currently in existence as of March 2018, it would be best if you were to understand the ins and outs of CCSS.  Thankfully, we have compiled a complete overview of Cryptocurrencies, Blockchain, and CCSS that will keep your investment portfolio in the green for the foreseeable future.

    (more…)

  • How Often Do you need an EI3PA Audit?

    How Often Do you need an EI3PA Audit?

    Third-party vendors are becoming more involved in business operations as time progresses. One survey notes that 75% of businesses saw third-party access grow over the past two years. With this increase in reliance on third party vendors to streamline business processes comes an increase in risks that might lead to a data breach if the consumer information is mismanaged and exploited by opportunistic hackers. When the organization is handling consumer credit information, there is a need to take extra precautions to ensure that the data does not fall into the wrong hands. This can be a difficult task to accomplish for a single organization, but when accounting for a third-party vendor, it can be nearly impossible to do unless security protocols are initiated to reinforce the consumer credit data.

    (more…)

  • How to Acquire Level 1 EI3PA Certification

    How to Acquire Level 1 EI3PA Certification

    In March of 2008, 134 million credit cards and the underlying data were stolen by spyware installed on the Heartland data systems via an SQL injection. Prior to the security breach, Heartland was processing over 100,000,000 card transactions a month for nearly 200,000 small to mid-sized retailers. This breach remained undiscovered until over six months later in January of 2009 when MasterCard and Visa alerted Heartland of suspicious activity and transactions. It was soon discovered that Heartland was out of compliance with the Payment Card Industry Data Security Standard (PCI DDS). As a result, they were not allowed to process card payments until they were found in compliance, which took six months, were required to pay over $145,000,000 in compensation for fraudulent payments, and lost thousands of customers due to their negligence. Now, Heartland is a company capable of weathering such a storm, but if you are a smaller online business, such a breach could wreck your company, and being found out of compliance can carry hefty fines.

    (more…)

  • What Are the Differences Between PCI DSS and EI3PA Requirements?

    What Are the Differences Between PCI DSS and EI3PA Requirements?

    In 2018 certain industries are under the spotlight more than others and service providers are being watched much more closely. One of the industries that seem to be under fire every week is the security of consumer information. For example, patients in the health care industry are protected with patients rights under HIPAA laws. On the grander scheme, the world has gone futuristic and, unfortunately, that includes criminals. Whether its Macys, Sears or Saks Fifth Avenue, companies big and small have become targets for hackers. Regrettably, the data hacks of stores of any size affect all of us.

    (more…)

  • What is the Experian Independent 3rd Party Assessment (EI3PA)?

    What is the Experian Independent 3rd Party Assessment (EI3PA)?

    For a variety of financial service companies, dealing with the credit history of customers is part and parcel of doing business. Whether its issuing a credit card or financing a small business, banks, lenders, and other service providers and institutions routinely utilize credit data from companies like Experian to make the most appropriate business decisions. But theres just one catch – financial institutions need to be careful (and compliant) in the way they handle private credit history information thats shared with them from Experian data.

    (more…)

  • Consequences of Non-compliance With CalOPPA

    Consequences of Non-compliance With CalOPPA

    In 2003, California became the first state in the country to set robust strictures on the visibility of online consumer data. The California Online Privacy Protection Act, also known as CalOPPA, created regulations that required online websites and businesses to prominently display their Privacy Policy in regard to their users data.This law aimed to protect online users’ data and to inform them as to how their data might be tracked, mined, stored, trolled, sold, used, or shared. As of now, the posting of this notification is mandatory for any business or website that accrues personally identifiable information from California residents. CalOPPA states, [A website must] conspicuously post its Privacy Policy on its Web site, or in the case of an operator of an online service, make that policy available. If you are an online business found in non-compliance, if you do not clearly convey to your customers what data you collect, how you collect it, and what you plan to do with it, there are potentially severe ramifications that could cripple your business.

    (more…)

  • California Privacy Policy: What is CalOPPA?

    California Privacy Policy: What is CalOPPA?

    Established in 2003, The California Online Privacy Protection Act (CalOPPA) was the very first state law in the United States that required commercial and online websites to post their privacy policy to the general public. The goal of this act was to protect online users from having their data mined, stored, used, or sold, without their knowledge or consent.

    (more…)

  • Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)

    Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)

    Recent statistics have shown that 42% of consumers feel that credit cards are the safest payment option to protect cardholder data for their online purchases. With more consumers focusing on purchasing online rather than via brick and mortar retailers, this means that online retailers must take extra care in monitoring their network resources as they pertain to their cardholder data. Consumers are well within their entitlement to expect that their credit card transaction is secure once it has been processed. However, that expectation might fall short if the pathways that the payment company develops does not securely transmit their cardholder data once the transaction goes through. It is for this reason (and many others) that securing access to network resources for any organization that processes and/or stores credit card payments is critical.

    (more…)