Comments
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
Newest First  |  Oldest First  |  Threaded View
menuisier69
50%
50%
menuisier69,
User Rank: Apprentice
9/6/2017 | 5:13:13 AM
Re: pci compliance
who trust in payment card anymore ?
xanthan99
50%
50%
xanthan99,
User Rank: Strategist
9/5/2017 | 10:30:03 AM
...a journey not a destination
Boss: You're telling me if we're PCI-DSS compliant we can get a better processing rate from the bank?

Security Professional: Yes, but we need to remain compliant year over year.

Boss: Ah yeah, but our sales margin will improve?

Security Professional: Yes, but we have to dedicate an ongoing level of effort to staying compliant!

Boss: Yeah, yeah but it will improve profitability!

Security Professional: But there is a tech cost.

Boss: Cost? of course, we'll buy you guys a new high-end coffee maker!

 
pdantini06901
50%
50%
pdantini06901,
User Rank: Apprentice
9/2/2017 | 11:42:02 PM
pci compliance
The responsibility of maintaining a secure credit card processing environment must rest with credit card processing companies.  A small business can secure their network and data with a certain set of clear rules but the rules as written would be a challange for a security Specialist to implement in a small business environment with a small budget.  The point of paying a discount fee and processing fees for a small business is to insure that the majority of the risk is assumed by the credit card processor.  If the current environment continues I see a time where other forms of payment will be preferred by small business and the majority processors left wondering what occured to their volume/business.  

 



WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17332
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
CVE-2018-17333
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
CVE-2018-17334
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.
CVE-2018-17336
PUBLISHED: 2018-09-22
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n...
CVE-2018-17321
PUBLISHED: 2018-09-22
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.