
PCI: 5 New Security Requirements

By Tracy Kitten

Fri, Jun 5, 2015

Columbia, Maryland

Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, and smaller merchants are likely to be the most affected, says one security expert.

That's because the new requirements relate to point-of-sale vulnerabilities that have commonly been linked to exploits at small and mid-sized businesses, says Don Brooks, senior security engineer at security and forensics firm Trustwave.

The best practices, which were included when PCI-DSS version 3.0 was released in November 2013, state:

  1. Merchants should secure authentication and online session management, to help prevent the theft of online credentials;
  2. Third-party service providers with remote access to POS systems should use a unique passcode credential for each merchant customer;
  3. Service providers should confirm in writing that they are responsible for the security of cardholder data they store, process or transmit on behalf of the merchant;
  4. Merchants should regularly inspect POS devices to ensure they have not been "swapped" or tampered with to skim or collect card details;
  5. Merchants should conduct regular penetration testing through simulated device attack scenarios to exploit known and possible vulnerabilities.


Source: CUinfo Security