8/7/2012
10:42 AM
Dark Reading
Products and Releases

New White Paper Calls For Collaboration Among PCI DSS Technology Vendors

Mako Networks paper calls for research and cooperation among vendors to make card transactions and consumer data safer in small businesses

LONDON – 7th August 2012 – Mako Networks, a leading cloud-based network management and security company, has published a new white paper together with five other organisations, proposing that technology vendors work together to enable small businesses to more easily comply with the strict and ever-evolving Payment Card Industry Data Security Standards (PCI DSS).

Mako invited contributions on the topic from payments solution providers Spire Payments, Payzone, VigiTrust, Phoenix Managed Networks and Service Logistics to help produce the document, believed to be the first of its kind to solicit wide support from a consortium of industry partners. The final paper calls for research and cooperation amongst vendors to make card transactions and consumer data safer in small businesses, which have proven to be under increasing threat from card fraud and data breaches.

The free white paper addresses the following:

• PCI and Partnerships - Issues for SMBs in achieving compliance, evolution of the PCI standards, simplifying compliance and addressing PCI DSS myths.

• Hidden Risks - The opportunity for threats and identifying vulnerabilities, risks in exposing data to noncertified partners, and securing the payment environment.

• A Collaborative Approach – Bringing PCI DSS compliance technology vendors together to close the ‘PCI Loop’ and enable greater compliance by focusing on respective strengths.

• Best Practice Guide - Defining best practice for PCI DSS compliance and investigating room for improvement.

• Simplifying the vendor/merchant relationship - Standardising communication and consolidating costs.

Mako Networks CEO Bill Farmer said: “The vendor community is still very segregated when it comes to issues of compliance. Organisations often work in silos with little collaboration or standardised practice. This needs to change in order to make data and payment security compliance more achievable. The development of more effective fit-for-purpose products and services, with the necessary certification, is one way of ensuring a standard level of practice across the industry. This is something we’re highly committed to, as shown by our continued investment in the PCI community and development of the Mako System.”

Phoenix Managed Networks Managing Director, Alan Stephenson-Brown adds: “Vendors in competing sectors have historically worked and developed solutions in isolation without fully understanding the implications of what they are doing. The payment industry has been particularly guilty of this. As new requirements around security and PCI have been rolled out, no single organisation has yet developed the capability to deliver a complete end-to-end solution. Collaborating and sharing ideas will benefit the industry and support merchants in taking on board the PCI requirements.”

Chris Nation, Commercial Manager Europe at Mako Networks, also comments: “In an absolute ideal PCI world there would be greater acceptance of responsibility amongst technology suppliers, resulting in a single approved list of PCI-certified vendors that retailers could refer to. This transparency would ensure that all outsourced services are fully PCI compliant and retailers are not left vulnerable. It would also give a clear message to the merchant that using a Level 1 certified service provider will provide safe harbour.”

The full White Paper can be downloaded for free at:

http://www.makonetworks.com/about/news/2012/07/new-white-paper-examines-pci-and-partnerships/

About Mako Networks

Mako Networks is a cloud-based network management company, providing services and managed appliances that connect businesses to the Internet and protect them from the threats it contains. Mako Networks helps merchants that process, transmit or store cardholder data to comply with the stringent Payment Card Industry Data Security Standards (PCI DSS) as a certified Level 1 service provider. The company operates from offices in Auckland, New Zealand, London and San Francisco.
