Archive for the ‘PCI’ Category

PCI Compliance Made Simple — Webinar

Monday, March 19th, 2007

There is a webinar on PCI compliance this Wednesday, March 21, 2007. Details below:

 

Overview: In response to major data security breaches on personal and financial data, the payment card industry formed an independent council, the PCI Security Standards Council (PCI SSC). The council developed a unified and comprehensive data security standard, which they required member institutions to adopt.

The Payment Card Industry Data Security Standard (PCI DSS) was released in September 2006 and defines six control objectives made up of 12 requirements that establish common processes and precautions for handling, processing, storing, and transmitting credit card data.

If you’re struggling to make sense of these new PCI security standards, join Alert Logic for “PCI Compliance Made Simple,” where you’ll learn about:
- The control objectives and requirements that form the foundation of the PCI DSS v1.1
- The sizes and types of institutions that must comply with each of the control objectives.
- Practical strategies to help you comply with the standard without significant people or budget resources.

Don’t be a headline! Find out how to protect your organization through PCI compliance.

Register here:

http://metacast.agora.com/link.asp?m=39611&s=6748313&l=0

PCI for Dummies ?!?

Saturday, March 17th, 2007


Interesting: This June 2007, there will be a book on PCI Compliance.

Click here for the Amazon.com Link.

PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, by Tony Bradley, Anton Chuvakin, Anatoly Elberg, and Brian J Koerner

The credit card industry established the PCI Data Security standards to provide a baseline expectancy for how vendors, or any entity that handles credit card transactions or data, should protect data to ensure it is not stolen or compromised. This book will provide the information that you need to understand the PCI Data Security standards and how to effectively implement security on the network infrastructure in order to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information.

I’m familiar with two of the authors and it should be a pretty good book. It looks like the audience is that of merchants.

Personally, I like the PCI Standards and think that if more companies were to become compliant I would have fewer stolen credit cards :)

CitiCard Fraud Department - Stolen Card

Friday, March 16th, 2007


I received a call from Citi-Card’s Fraud Department a few days back. They left a message, and I had to call them back. They read back the last 5 charges and I did not perform any of them.

This has happened to me before, and other than the hassle it really isn’t a big deal, but my gears are winding and I’m wondering how this could have occurred. The only out-of-the-ordinary purchase was from a small online retailer. All of the other charges were from places that I am a pretty regular visitor of. I suspect that the small online merchant was compromised. All of the fraudulent transactions that were run up on my card were online: adult-related, web-cam and others from a company called ccbill.com, which is a payment processor for those types of merchants. All in all it was around $500, all on the same day, before Citi hot-statused my card.

I am curious about PCI and this suspected merchant, who was probably “un-compliant” anyway; I suspect that the Card Brands will find the common-link merchant and do their thing.

*sigh* At least I get a new card :) and the Issuers, Acquirers and Merchant get to deal with the loss and not me.

ccsrch - Credit Card Search

Saturday, June 17th, 2006

This: http://sourceforge.net/projects/ccsrch

is a very cool utility for scanning files for credit card numbers on your hard drives or filesystems. It will return many false positives, but it is a good tool for scanning your machines to make sure there is no logging of Credit Card Data, be it Track Data or Credit Card Numbers.
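To show why such a scan produces false positives, here is an added example (not ccsrch's code, and not from the original post) that looks for 13 to 19 digit runs in log text, keeps only those passing the Luhn checksum, and labels a hit as Track 2 when it sits between the `;` and `=` sentinels. The function names and the sample log are constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep first six and last four digits so findings never re-log the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_text(text):
    """Return (line number, kind, masked number) for each Luhn-valid candidate."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            pan = re.sub(r"[ -]", "", m.group())
            if not luhn_ok(pan):
                continue  # most order ids, timestamps and counters fail here
            # Track 2 layout: ';' PAN '=' expiry, service code, data, '?'
            before = line[max(m.start() - 1, 0):m.start()]
            after = line[m.end():m.end() + 1]
            kind = "track2" if before == ";" and after == "=" else "pan"
            findings.append((lineno, kind, mask(pan)))
    return findings

# Constructed sample log; 4111111111111111 is a widely used test number.
SAMPLE = """\
2007-03-16 order=2007031912345678 status=ok
2007-03-16 DEBUG pan=4111 1111 1111 1111 exp=12/30
2007-03-16 DEBUG swipe=;4111111111111111=3012101000?
2007-03-16 shipment tracking 1234567812345670
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

The tracking number on the last sample line is not a card number but still passes the Luhn check, which is the kind of false positive that has to be reviewed by hand.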