8/7/2012
10:42 AM
Dark Reading
Products and Releases

New White Paper Calls For Collaboration Among PCI DSS Technology Vendors

Mako Networks paper calls for research and cooperation among vendors to make card transactions and consumer data safer in small businesses

LONDON – 7th August 2012 – Mako Networks, a leading cloud-based network management and security company, has published a new white paper together with five other organisations, proposing that technology vendors work together to enable small businesses to more easily comply with the strict and ever-evolving Payment Card Industry Data Security Standards (PCI DSS).

Mako invited contributions on the topic from payments solution providers Spire Payments, Payzone, VigiTrust, Phoenix Managed Networks and Service Logistics to help produce the document, believed to be the first of its kind to solicit wide support from a consortium of industry partners. The final paper calls for research and cooperation amongst vendors to make card transactions and consumer data safer in small businesses, which have proven to be under increasing threat from card fraud and data breaches.

The free white paper addresses the following:

• PCI and Partnerships - Issues for SMBs in achieving compliance, evolution of the PCI standards, simplifying compliance and addressing PCI DSS myths.

• Hidden Risks - The opportunity for threats and identifying vulnerabilities, risks in exposing data to noncertified partners, and securing the payment environment.

• A Collaborative Approach – Bringing PCI DSS compliance technology vendors together to close the ‘PCI Loop’ and enable greater compliance by focusing on respective strengths.

• Best Practice Guide - Defining best practice for PCI DSS compliance and investigating room for improvement.

• Simplifying the vendor/merchant relationship - Standardising communication and consolidating costs.

Mako Networks CEO Bill Farmer said: “The vendor community is still very segregated when it comes to issues of compliance. Organisations often work in silos with little collaboration or standardised practice. This needs to change in order to make data and payment security compliance more achievable. The development of more effective fit-for-purpose products and services, with the necessary certification, is one way of ensuring a standard level of practice across the industry. This is something we’re highly committed to, as shown by our continued investment in the PCI community and development of the Mako System.”

Phoenix Managed Networks Managing Director, Alan Stephenson-Brown adds: “Vendors in competing sectors have historically worked and developed solutions in isolation without fully understanding the implications of what they are doing. The payment industry has been particularly guilty of this. As new requirements around security and PCI have been rolled out, no single organisation has yet developed the capability to deliver a complete end-to-end solution. Collaborating and sharing ideas will benefit the industry and support merchants in taking on board the PCI requirements.”

Chris Nation, Commercial Manager Europe at Mako Networks, also comments: “In an absolute ideal PCI world there would be greater acceptance of responsibility amongst technology suppliers, resulting in a single approved list of PCI-certified vendors that retailers could refer to. This transparency would ensure that all outsourced services are fully PCI compliant and retailers are not left vulnerable. It would also give a clear message to the merchant that using a Level 1 certified service provider will provide safe harbour.”

The full White Paper can be downloaded for free at:

http://www.makonetworks.com/about/news/2012/07/new-white-paper-examines-pci-and-partnerships/

About Mako Networks

Mako Networks is a cloud-based network management company, providing services and managed appliances that connect businesses to the Internet and protect them from the threats it contains. Mako Networks helps merchants that process, transmit or store cardholder data to comply with the stringent Payment Card Industry Data Security Standards (PCI DSS) as a certified Level 1 service provider. The company operates from offices in Auckland, New Zealand, London and San Francisco.
