News

11:47 AM
Nancy Feig
Nancy Feig
News
Connect Directly
RSS
E-Mail
50%
50%

Data Security Firms Establish PCI Security Vendor Alliance

Organization aims to develop, raise awareness of payment card standards.

Eight data security companies have formed an alliance to educate the business community on the requirements and the business value of the Payment Card Industry Data Security Standard (PCI DSS). The new Payment Card Industry Security Vendor Alliance (PCI SVA) will develop products and services to assist members of the payment card industry and the PCI Security Standards Council composed of merchants, banks and point-of-sale vendors in education and compliance about the standard, a global benchmark intended to improve security throughout the entire payment card transaction process.

The PCI DSS is built around five principles and 12 accompanying requirements. The principles include: build and maintain a secure network, protect cardholder data, maintain a vulnerability management program, implement strong access control measurements, regularly monitor and control networks, and maintain an information security policy.

Founding members of PCI SVA ConfigureSoft Inc., Cyber Ark Inc., Modulo Security, Proginet Inc., Protegrity USA Inc., Reflex Security, SafeNet Inc., and Verisign will also support the business community by providing flexible PCI Data Security Standard solutions to address the needs of system integrators and business users. According to the group's Web site, each of the founding members is a vendor that offers products and/or services that deliver compliance with one of more of the 12 PCI DSS. The groups also says its looking for additional members that will provide all the data functionality required by the PCI DSS.

"Even with all the press on data security breaches and the corporate and personal costs that accrue from them, there is still only limited awareness of the PCI data security standards," said Jon Oltsik, senior analyst, Enterprise Strategy Group. "The standards impose compliance rules that enterprises handling credit or debit card data must resolve from business and technology perspectives. The PCI SVI is a valuable component in addressing this issue holistically."

To demonstrate the business value of PCI DSS solutions, and their value in meeting other regulatory privacy and data security directives, the PCI SVA also plans to create a series of case studies, seminars, return-on-investment analyses and white papers showing how organizations may achieve compliance with the PCI DSS requirements efficiently and on budget.

Because the PCI DSS requirements are so detailed and market-stringent, the alliance advocates compliance to PCI DSS in meeting the numerous state, national and regional laws governing other business activities concerning systems security and privacy.

PCI SVA members plan to leverage this knowledge to support and complement the objectives of Visa, MasterCard, American Express, Discover and JCB in securing the sensitive data processed by their merchant partners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.