Blog

  • How To Prepare For A PCI Audit

    It’s all about the plastic.

    Even though we have more alternative electronic payment options than ever before, Americans prefer the credit card over any other payment mechanism. This means it’s relatively simple for businesses to charge their customers online and get paid using one of a variety of payment gateways — all they have to do is move information from one place to another to collect their revenue, and the internet makes this a simple task.

    But this convenience simultaneously presents an obstacle: that data needs to be moved and stored safely. It should be accessible only by authorized entities and kept far out of reach of malicious third parties. While they enable an entirely new era of transacting, online card payments also come with their own set of liabilities that can leave customer financial data vulnerable and a business’s reputation on the line.

    This means your company, whether large or small, needs to be at the forefront of PCI compliance. A PCI compliance audit is an essential tool for helping you get there.

  • How Often Do I Need a HITRUST CSF Assessment Report?

    The ranks of compliance regulations continue to expand, making it confusing and time-consuming for companies to navigate the audit landscape. From PCI DSS to SOC 2 to NYDFS to SOX, companies face a growing list of standards and certifications but no central repository to aggregate, much less organize, all of them. To address this, the healthcare industry established the Health Information Trust Alliance (HITRUST), which designed the Common Security Framework (CSF) assessment to consolidate the compliance process.

    Curious as to how often you need a HITRUST CSF assessment report to stay compliant? Read on to find out now!

  • Cyber Security in Education: What You Need to Know

    Educational institutions store a significant amount of sensitive data, ranging from research to test documents to personal student information. While cybersecurity in the financial industry garners a substantial amount of attention, recent guidelines also highlight the vulnerability of the education sector. As schools incorporate more technology into classrooms and administrative offices, information security will become increasingly vital.

    Is the information at your university protected? Learn about cybersecurity in education with our comprehensive guide.

  • Common Cyber Security Threats in Education

    Whether you’re at the helm of the network of an Ivy League college or a K-12 school district, cybersecurity is incredibly important. While school safety has always been a number one priority, cybersecurity is a relatively new part of it. With educational institutions amassing millions of dollars in their budgets every year but maintaining only small IT teams, cybersecurity threats have become amplified in both quantity and complexity.

    Of course, cybersecurity threats have been part of the conversation on school safety for a while. However, a lot of misunderstanding and disinformation still prevails in the discussion of cybersecurity threats in educational institutions. Let’s look into these common security threats and what institutions can do to steer clear of a breach.

  • Which Industries Are Most Affected By GDPR?

    Since the General Data Protection Regulation (GDPR) came into force on May 25, 2018, many organizations have complied with it lest they face unprecedented non-compliance fines and other consequences. GDPR, at its core, is a set of rules designed to give EU individuals more control over their data. Its objective is to simplify the regulatory environment so that both businesses and their customers in the EU can ultimately benefit from the digital economy.

    In this article, we’ll be tackling the top industries affected by GDPR, the challenges they have faced since the regulation came into effect over a year ago, and the benefits they receive from this data privacy law. These industries are social media, online retail, digital banking, cloud computing, and healthcare.

  • BYOD Security Checklist & Best Practices

    Cybersecurity owns the headlines on a weekly basis, and for good reason. Data theft shows no signs of stopping, making security paramount. Cybersecurity extends beyond your mainframe to mobile devices and employees alike. Read on to check out our Bring Your Own Device (BYOD) security checklist and best practices.

  • Is Stripe PCI Compliant?

    Is Stripe PCI compliant? If you implement it properly, the answer is yes: Stripe is completely PCI compliant!

    Stripe is a popular platform that makes it easy for businesses to accept credit and debit cards over the internet quickly and securely. Ridesharing company Lyft uses Stripe to power its payment solution for 700,000 drivers around the world, and that’s just one company. This payment service moves billions of dollars a year and is used by tens of thousands of companies around the world, from small scrappy startups to established Fortune 500s.

    You don’t become a leading plug-and-play payment solution provider by accident. You do it by making it quick and painless for companies to accept credit card payments at scale. It’s not always easy for companies to meet the stringent security standards for processing online payments, let alone other personally identifiable information like birthdays and addresses. Achieving that on their own requires a lot of technical expertise, expensive hardware, and active attention.

  • How To Perform A PCI Vulnerability Scan

    Wherever people are legally transacting money for goods, there are going to be bad guys in search of a score. It’s just the unfortunate reality of our world increasingly moving to the internet for its needs — wherever the good guys go to transact and do business, the bad guys will follow them in an effort to manipulate and rip them off.

    As the American e-commerce industry grew by 14.2% in 2018 to total more than $517 billion in transactions, you can be sure that cybercriminals are at work to con people out of their money and personally identifiable information. Consumers can take certain steps to establish their own security, but they must fundamentally share some of this information in order to complete transactions online. They can’t be responsible for protecting information that they necessarily part with.

    The burden to protect this information — we’re talking about credit card numbers, security codes, and the like — lies with the businesses that process it. The best of these businesses pursue PCI compliance because they know that it’s an important feather in their cap for retaining consumer trust and pushing back against any would-be cybercriminals.

    Businesses that don’t know where they stand on the PCI compliance front need only conduct a vulnerability scan.

  • PCI Expert Summit 2019: Event Recap

    RSI Security’s first-ever PCI Expert Summit is in the books, and we couldn’t be happier about how things turned out!

    Marina Village Conference Center – San Diego, California

    On October 2nd we were joined by four speakers, a number of sponsors, an expert panel, and over 70 attendees to begin the process of building a strong, vibrant PCI compliance community in the Southern California area. The event took place at the beautiful Marina Village Conference Center in San Diego.

    “I found the event to be very informative. It was also nice to be around other folks I’ve worked with previously but haven’t actually met in person. It was definitely worth the time coming down for what I hope to be the first of many future RSI Summits,” said Gurpal Singh, head of compliance at Finix Payments. 

  • How To Avoid PCI Noncompliance Fees

    Just as professional athletes or motorists pay fines when they break certain rules, the same applies to companies doing business online. But the rules governing these companies’ behavior go beyond “unsportsmanlike conduct” or “following the speed limit.” When they collect and process payment information for debit and credit cards, they must adhere to a number of rules in the process. If they break those rules, they’re on the line to pay a penalty for it.

    If it’s expensive to ignore the rules, why are an increasing number of companies doing so? Verizon’s 2018 Payment Security Report reveals a drop in PCI compliance, adherence to the standards that companies have to stick to in order to process payment information online. Where 55.4 percent of companies were compliant in 2017, that number shrank to 52.5 percent in 2018. Chalk it up to lack of awareness or other shortcomings, but companies leave themselves and their customers exposed to bad actors when they shun this kind of compliance.

    Beyond merely leaving themselves and their customers vulnerable to data breaches and cyberattacks, this decreased regard for the best practices for collecting payment card data and other personally identifiable information leaves these companies on the hook for noncompliance fees. It might not be as exciting or interesting as a professional athlete paying a fine to the commission for uttering an expletive during a game, but it can still be just as expensive.