Blog


Recent Posts

  • RSA Conference 2012: The Battle Continues Against Security Threats

    Mar 12, 2012
    Like most conferences, there were several key themes and buzzwords being bandied about at this year’s RSA Conference. Some of the hot topics on the showroom floor included terms like consumerization, mobility and last but not least, big data.
  • Security: Check Box vs. Out of the Box

    Sep 29, 2011
    I spent last week at the PCI SSC meeting in Arizona where I experienced an interesting dichotomy. On Tuesday, I attended a session where proposals were being presented for the formation of different SIGs for next year. There were a couple of groups that were looking to develop something resembling a checklist to assist merchants in meeting compliance, versus forcing them to look at their unique environment and assessing how to best meet the compliance requirements. I feel this would be a bad direction for the industry to head.
  • “Invest NOW in Good Data Security Practices and Mechanisms.”, Say Privacy Professionals at IAPP

    Sep 19, 2011
    Sitting here in the general session of the IAPP conference, I am not surprised to see the interest generated around privacy, compliance and its implications among all privacy professionals (CIPPs) attending the conference. Privacy professionals are a little different from security professionals. While security professionals are all about how we can prevent data breaches, privacy professionals are all about how to respond to data breaches and what organizations need to do in order to comply with privacy laws on an ongoing basis. Let’s make a quick distinction here between data privacy and data security.
  • Liaison Protect Sails Through PA-DSS Audit

    Aug 11, 2011
    I’m happy to report that our Format Preserving Tokenization and key management solutions known as Liaison Protect (formerly nuBridges Protect) have passed a Payment Application Data Security Standard (PA-DSS) audit with flying colors, further proving our products’ high level of security and reinforcing our continuing leadership position in the data security industry.
  • Data Thieves Still Hungry, Despite Stronger PCI DSS Enforcement

    May 03, 2011
    Despite stronger PCI DSS enforcement and compliance, it’s clear that data thieves are still plying their trade. Within a four-week period, there were four high-profile breaches:
  • Liaison Brings Cloud-based Tokenisation for Any Type of Sensitive Data to the UK

    Apr 17, 2011
    With the Data Protection Act of 1998 and the EU Data Protection Directive, UK and European companies have plenty of reason to ensure that sensitive consumer and employee information is safe. And, of course, many companies also have to comply with the Payment Card Industry’s Data Security Standard (PCI DSS).
  • Tokenization and Encryption: It’s Not Either/Or

    Mar 23, 2011
    I read with interest the latest report from the Ponemon Institute, “What Auditors Think about Crypto” (also see Search Security’s article on the subject), which concluded that they prefer encryption over tokenization or other cryptographic techniques to mask sensitive information. While I'm a fan of all of the Ponemon Institute studies and we’re a partner with the paper’s sponsor, Thales, who provides hardware security modules for encryption, I think that it’s a stretch to plainly say that encryption was chosen over tokenization without qualifying the context. Here’s why:
  • The Cloud Isn’t Just About Search Engine Optimization (SEO), it’s About PCI Too!

    Mar 13, 2011
    As part of our launch of Protect Tokenization as a Service (TaaS) at the recent RSA Conference 2011, I met with lots of industry analysts and writers. One of them was Walt Conway who I’ve gotten to know during the past few years due to our mutual interest in PCI compliance.
  • nuBridges Protect Token Manager Wins 2011 Global Excellence Award

    Mar 06, 2011
    We’re thrilled to announce that Info Security Products Guide, the industry’s leading information security research and advisory guide, has named nuBridges Protect Token Manager the top Compliance and Security Solution for Large Enterprises at its 2011 Global Excellence Awards. The awards recognize security and IT vendors with advanced, groundbreaking products and solutions that are setting the bar higher for others in all areas of technologies.
  • PCI DSS in the UK. Here’s a Possible Roadmap to Simplify Compliance

    Jan 31, 2011
    Over the last 12 months we have seen an increased sense of urgency in the UK among a majority of level 1 and level 2 merchants aiming to achieve initial compliance with the Payment Card Industry Data Security Standard (PCI DSS) mandate. As analysts predicted, merchants in the UK have gained from the experiences of their U.S. counterparts and are actively seeking ways to leverage their PCI initiatives to increase the overall security posture of their organizations.
  • Roadmap? Who Needs a Roadmap When You’re Already There?

    Jan 31, 2011
    Yesterday, the PCI Security Standards Council released a supplemental guidance paper on the use of Point-to-Point Encryption (P2PE). Much to their credit, “Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance” is one of several guidance papers the Council will publish to help merchants better understand how a variety of emerging technologies can benefit their data security and compliance programs. For example, P2PE is effective in reducing risk and scope for PCI DSS compliance when implemented properly.
  • PCI-DSS and PA-DSS Maturing, But More Needs to Be Done

    Jan 31, 2011
    The PCI Security Standards Council (PCI SSC) has just released highlights of expected changes to be introduced with the long-awaited 2.0 versions of the PCI DSS and PA-DSS coming out later this year. In doing so, the Council is helping to quench the thirst for information among the merchant and service provider community so that it can more easily align security programs and offerings with the updated standards. nuBridges commends the PCI SSC for its efforts and transparency in this process.
  • Call Center Fraud Getting You Down? This One’s for You.

    Jan 23, 2011
    Numerous costly and brand-damaging data breaches and a host of data privacy and security regulations are spurring organizations around the world to do a better job of protecting consumer data. That said, one of the oft overlooked areas for data protection is also one of the most vulnerable – call centers.
  • Tokenization Solution Certifications – Are We There Yet?

    Jan 13, 2011
    I remember sitting in a Boston hotel meeting room in early 2007 when we first formed the now defunct Payment Card Industry’s Security Vendor Alliance (PCI SVA). It was a group of about 25 vendors across the PCI landscape all trying to figure out how to make PCI compliance easier for merchants. One of the topics that bubbled to the top was that the encryption and key management solutions needed some type of certification as it relates to PCI Data Security Standard (PCI DSS) from the PCI Security Standards Council (PCI SSC). Repeated requests yielded the same answer which is that the PCI SSC was vendor agnostic and did not want to get into the business of application certifications.
  • PCI DSS 2.0 Finally Here!

    Oct 27, 2010
    Let the fireworks begin! You can take that comment two ways: as a celebration; or, as the fireworks of debate.
  • Verizon Shows Connection Between Breaches and Non-PCI DSS Compliance

    Oct 12, 2010
    For several years, Verizon Business has published The Data Breach Investigations Report (DBIR), one of the most respected sources of information in the data security industry. Verizon’s latest DBIR published July 28— the 2010 Data Breach Investigations Report —combines, for the first time, Verizon’s corporate findings with data supplied by the U.S. Secret Service. In another first, Verizon has issued a report focused on PCI compliance. The October 4th Verizon 2010 Payment Card Industry Compliance Report connects the dots between data breaches and PCI compliance in a revealing analysis.
  • Looking Ahead to the PCI SSC European Community Meeting

    Oct 11, 2010
    In a few days, I’ll be boarding a plane to Barcelona for Part II of this year’s PCI Security Standards Council (SSC) Community meeting and will once again be presenting an update on the progress made by the Tokenization Working Group over the past 12 months. My presentation will be pretty close to the one I made in Orlando at the PCI SSC North American Community meeting a couple of weeks ago. In fact, the agenda for the October 18-20 European meeting follows the same agenda as the Orlando meeting.
  • Merchants Taking Greater Control of PCI Compliance?

    Sep 21, 2010
    There are almost 1150 attendees at this year’s PCI SSC Community Meeting in Orlando this week – that’s four-and-a-half times the number at the first one in 2007 and over 450 more people than last year in Las Vegas. The first meeting was comprised almost totally of vendors and QSAs/ASVs and each year after it there are more merchants attending.
  • What to Expect at the PCI Community Meeting Later this Week

    Sep 20, 2010
    There’s no lack of speculation about what will take place at the annual Payment Card Industry’s Security Standards Council (PCI SSC) Community meeting later this week. Depending upon where you sit in the industry, you may want to know exactly what changes will be made to the PCI standards; perhaps you’re seeking clarity about existing standards; or you expect to see a roadmap for future direction; or one of a myriad of other topics.
  • Call Centers and PCI DSS Compliance. Let the Purging Begin!

    Feb 24, 2010
    Yes, indeed. Just six weeks into the year, and the Payment Card Industry Security Standards Council (PCI SSC) has issued three clarifications regarding the storage of cardholder data on digital audio recordings. Now the PCI SSC has formally clarified that storing payment card data in digital call records is forbidden.