HackDig : Dig high-quality web security articles for hacker

Payment Security and PCI DSS Compliance 2015

2015-03-17 15:00

Verizon has published its annual PCI Compliance Report 2015 covering data up to the end of 2014, describing compliance, the sustainability of controls and ongoing risk management.

Partial screen capture from the Verizon report 'PCI Compliance Report 2015' showing one of the many charts

PCI Compliance Report 2015 analyses information from PCI Data Security Standard (PCI DSS) assessments undertaken by Verizon between 2012 and 2014, together with additional data from forensic investigation reports.

It describes the challenges of maintaining compliance and mentions the scale and complexity of requirements, uncertainty about scope and impact, the ongoing compliance cycle, lack of resources, lack of insight into business processes and misplaced confidence in existing information security maturity.

Each main requirement has a dedicated section summarising the changes in v3.0, describing the compliance challenges found, and providing recommendations for maintaining security and compliance. The authors describe methods they consider should be used to make compliance easier, more effective and sustainable.

There is a useful "compliance calendar" in Appendix C of the report which shows the periodic and other triggers for certain activities across the 12 requirements. A "must read" if you are a payment merchant or service provider.


Source: 5102-ecnailpmoC-SSD-ICP-dna-ytiruceS-tnemyaP/71/3/5102/ku.rellewdnekrelc.www
