Having been at a meeting today discussing a ePOS system, we were informed that new regulations were coming into play regarding storing of credit card information.

In my bid to find out more about these new regulations i came across some disturbing information that earlier this year Argos had been storing credit card numbers along with their card verification number inside source codes to customer emails. This seems to be a major breach of the PCI-DSS standard.

More to the point however changes do seem to be pending from the PCI council. The organization which deals with card securities has indicated nine new points are under consideration. The majority of the changes proposed however are for clarification purposes.

The link to the official release is below, if this applies to you feel free to have a look and prepare yourself for the next generation in security.

References
The Register
SearchSecurity.com
PCISecurityStandards.org

Created by Whitebunnywabbit

In my role at work I recently had the opportunity to discuss with a expert in security aspects of the PCI-Data Security Standard in the context of storing credit card information. This covers amongst many other things, whom has access to the data. Our client has a team in India doing work for his site as well.

This means that when he comes round to getting pci-dss compliant he will have to factor in them into his equation.  Now I’m seeing that there’s been a pretty major security breach across India. This is one of the many factors one should consider when outsourcing work to beyond national borders.

The breach is in the form of a rootkit hijacking against certificates for drivers by Realtek whom quite commonly develop Ethernet cards for many manufacturers. Therefore there is a significant risk that your outsource partner could be effected.

References
ZDNetUK

Created by Whitebunnywabbit