Podcasts about pci ssc

Sheryl Benedict is a PCI DSS enthusiast and information security and compliance leader with over 25+ years of experience in providing various services for companies ranging from small private companies to Fortune 50 / 500 Global Organizations. She is also one of 24 globally renowned PCI SSC women in payments leaders in the payments industry. She was a PCI DSS speaker at the North America and Europe PCI SSC community meetings and a global PCI DSS speaker for Cyberwise conference in Turkey. Join us as we dig into PCI concerns for small and midsized businesses.

On this episode of Compliance Unfiltered, TCT is going to Boston! It's that time of year again, folks from all walks of the PCI universe get together to share about what's new, what's changed, and what's next. TCT will be right in the middle of the action, so please stop by and say hi! Adam will also be sharing some exciting news! All these topics and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, Adam and Todd give an overview the BRAND NEW PCI-DSS 4.0.1! The council has just released the most recent update and the CU guys have the listeners covered with a highlight reel of all the significant modifications! For additional information, go to the TCT website shortcut by going to the TCT Website; then click Resources and blog on the top navigation; then search for the PCI-DSS 4.0.1 blog that we released on June 13, 2024.  In that blog there's a link to the PCI SSC document which fully details the summary of changes from 4.0 to 4.0.1 --- Send in a voice message: https://podcasters.spotify.com/pod/show/compliance-unfiltered/message

In this era of widespread digital transactions, we cannot overstate the importance of PCI-SSC. PCI-SSC serves as a guiding beacon, directing organizations toward the highest levels of security when handling payment card information. By prioritizing and adopting PCI-SSC standards, organizations can defend themselves against online attacks and enhance the overall integrity and reliability of the global payment ecosystem. The dedication of PCI-SSC to protecting the cornerstone of contemporary commerce remains unwavering, even as technological improvements continue. What is PCI-SSC? The Payment Card Industry Security Standards Council is a global organization founded in 2006 by credit card companies such as Visa, MasterCard, American Express, Discover, and JCB. Its mission is to develop and improve security standards for payment card transactions. The PCI-SSC is crucial in bringing stakeholders from the payments industry to create and promote adopting data security standards and resources. It is responsible for crafting and updating the PCI Security Standards, guidelines that dictate how organizations must protect cardholder data. Compliance with PCI-DSS is mandatory for all entities that handle credit cards, encompassing those that accept, transmit, or store such information. To assist organizations in meeting PCI-DSS requirements, the PCI-SSC offers a range of resources, including training programs, assessment tools, and best practices. The significance of PCI-SSC lies in its dedication to safeguarding cardholder data from fraud and theft, aiding organizations in reducing the risk of data breaches, and ensuring the security of their customers. View More: What is PCI- SSC and Its Importance?

Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment highlighting the PCI SSC's TRA Guidance. Next, we delve into Requirement 8 of the PCI DSS, dedicated to identifying users and authenticating access to system components. We'll explore the intricate details of this requirement, covering sub-requirements 8.1 to 8.6. These discussions will include processes for user identification, strict management of user and administrator accounts, strong authentication methods, and the implementation of multi-factor authentication (MFA) to ensure the security of cardholder data environments (CDE). Our QSA Q&A segment then addresses a critical question: Do all accounts need to comply with these requirements? We'll provide clarity on the scope, applicability, and exceptions, helping listeners understand the nuances of compliance. Tune in for a comprehensive review of December's PCI updates, an in-depth analysis of Requirement 8, and valuable insights from our QSA experts. This episode is a must-listen for professionals seeking to stay informed and improve their organization's payment security and compliance.

PCI SSC takes great care in working with other key technical bodies, such as EMVCo. Arman Aygen (Master of Science (MSc) in Communication Systems from EPFL (École Polytechnique Fédérale de Lausanne), MSc in Multimedia Communication Systems from EURECOM, and Bachelor of Science (BSc) in Micro Engineering from EPFL), Director of Technology, EMVCo, and Andrew Jamieson, VP, Solutions, PCI Security Standards Council, sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting Europe to discuss:The mission of EMVCo and its key technical initiativesHow PCI SSC and EMVCo collaborate to ensure industry alignmentEMVCo's work on mobile payment acceptance and PCI SSC's work regarding securityHosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

How do EMVCo and PCI SSC collaborate? What is TapToMobile and MPoC*? What are the opportunities and challenges of mobile payment acceptance?In Episode 9 of Talking Payments with EMVCo, Arman Aygen, EMVCo's Director of Technology, is joined by Andrew Jamieson, VP, Solution Standards at PCI SSC, to answer these questions and more, discussing how the organisations are helping to facilitate seamless and secure payment acceptance on mobile devices.We're also joined in this episode by Mike McCamon, Executive Director at NFC Forum, to explore the opportunities and challenges in contactless payment acceptance on mobile.Listen now to learn about:·         The rise of payment acceptance on mobile devices: market drivers bringing solutions into the payment ecosystem·         EMVCo's TapToMobile programme: what it is, learnings from the Early Adopter Programme and the roadmap ahead·         PCI SSC's Mobile Payments on COTS* standard: what it is and how it complements the work conducted by EMVCo ·         Challenges and opportunities in contactless payment acceptance on mobile: the role that the NFC Forum has in collaborating with the payments industry to support the development of TapToMobile(*MPoC / COTS: mobile payments on consumer off the shelf)www.emvco.com │ EMV® Insights │ LinkedIn │ X │ An Introduction to EMVCo │ YouTube

In this episode of CyberIntel, Brian Odian discusses if the PCI Council's position on sensitive authentication data has changed with PCI DSS v4.0. If you have any questions you want answered on CyberIntel, email us at cyberintel@vikingcloud.com and our experts will be in touch - we may even make it the subject of a future episode! CyberIntel provides a deep dive into the world of cybersecurity and compliance. Hosted by Brian Odian, VikingCloud's Director of Managed Compliance Services APAC, amongst other cybersecurity and compliance expert advisors, we explore the nuances of various compliance standards and the latest in cybersecurity news, trends and threats. New episodes every two weeks! CyberIntel is presented by VikingCloud. VikingCloud is leading the Predict-to-Prevent cybersecurity and compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions - faster. VikingCloud is the one-stop partner trusted by 4+ million customers every day to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruption to their business. 

The PCI SSC relies on participating organizations to support its efforts in card payment security. Simon Turner (CISSP, CISM, CISA, VCP, ISA), Senior Manager, ISSCA Consultancy Services, BT Group (British Telecom), sat down with Host and Principal Security Analyst Jen Stone (MCIS, CISSP, CISA, QSA) at PCI Community Meeting North America to discuss:The role of BT as a PCI Principle Participating Organization (PPO)PCI payment security groups BT is interested in collaborating onBT representation on the PCI Board of AdvisorsHosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA)[Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.

In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by Ben Vaughn, senior vice president and CISO at Hyatt. During this two-part interview, Ben discusses diversity in the cybersecurity industry and explains Hyatt guiding principles. The second part of this interview will air during the May 24 episode. Then, Luke is joined by co-host Alicia Malone, senior manager of public relations at PCI SSC, Kandyce Young, manager of data security standards at PCI, and Tony James, director of cyber security at Target to discuss the rollout of PCI DSS v4.0. Questions relating to the rollout? Register here for the RH-ISAC and PCI DSS v4.0 webinar on May 25 at 3 p.m. ET. More information about PCI and the new version can be found on the following resources page.

In this podcast, Host William Parks discusses with LBMC Information Security Senior Managers Andy Kerr and Kyle Hinterberg some of the top takeaways at this year's PCI SSC Community Meeting. Topics discussed during this episode include changes to the “In-Place with Remediation” reporting option which was added in PCI DSS v4.0, what to do if you miss an ASV Scan, new ways to interact with the PCI Council, SAQ updates, and much more!

　GMOサイバーセキュリティ byイエラエ株式会社は8月9日、PCI SSCからカード情報漏えい事故を取り扱う調査機関であるPFIとして7月27日に認定されたと発表した。

In 2006 the major card brands formed the PCI Security Standards Council (SSC) with the goal of managing the evolution of the Data Security Standard (DSS). Today that has expanded to several other standards and compliance programs. As part of the DSS compliance program the PCI SSC certifies Qualified Security Assessor (QSA) companies to perform independent audits of merchants and service providers related to the PCI DSS.So, as a go-to firm for PCI DSS compliance, how does Weaver help clients understand what they need to know?On this episode of Weaver: Beyond The Numbers, host Tyler Kern talked with Trip Hillman, Director of Cybersecurity Services at Weaver, and Kyle Morris, Senior Manager in IT Advisory Services at Weaver. The trio dug into insights from Weaver's cyber and QSA team and explored how Weaver advises clients on how to handle PCI DSS assessments and compliance.PCI DSS applies to organizations that store, process, transmit or could affect the security of cardholder data. Kyle and Trip look at PCI DSS as an opportunity for these companies to use compliance as a competitive advantage. Kyle is a QSA and explained that the Council establishes PCI DSS criteria and dictates what a QSA does for testing. Then organizations determine how they meet the criteria. There are over 250 requirements with PCI DSS, so depending on a company's needs and capabilities, the organization can conduct an annual self-assessment or bring in an independent QSA to do a full-blown audit report on compliance.Kyle and Trip discuss some of the main challenges that companies face with PCI DSS, including scoping, maintaining compliance and identifying the appropriate internal champions. They also share tips on how to prepare for compliance and define common acronyms: SAQ, ROC and AOC.Tune in to hear why the Weaver team enjoys helping clients fit their unique environment into the complex PCI DSS framework.“We help people with self-assessment questionnaires or SAQs and everything from full-on ROCs for Fortune 50 Cloud Providers to small merchants to SaaS solutions,” Kyle said.

There are two ways merchants can ensure compliance with the Payment Card Industry Security Standards Council’s (PCI SSC) Data Security Standards (DSS): Smaller merchants may be able to use self-questionnaires, while larger merchants may require a data security firm to provide an on-site assessment. In this episode of Beyond The Buzzword, IntraNext CEO, Patrick Brown tells Karen Webster that the commonly held belief that PCI SSC both sets and enforces the standards is simply not the case.

There are two ways merchants can ensure compliance with the Payment Card Industry Security Standards Council’s (PCI SSC) Data Security Standards (DSS): Smaller merchants may be able to use self-questionnaires, while larger merchants may require a data security firm to provide an on-site assessment. In this episode of Beyond The Buzzword, IntraNext CEO, Patrick Brown tells Karen Webster that the commonly held belief that PCI SSC both sets and enforces the standards is simply not the case.

Episode 69 is all about how the PCI Security Standards Council is responding to changes in security technology and how it is expanding its role and technology coverage across important new geographies. If payment security is on your screen, join Glenbrook’s George Peabody, partner and host of Payments on Fire, and Troy Leach, CTO for the PCI Security Standards Council as they discuss standards under development like PIN Entry on COTS, other new tools to mitigate data breach risk, and the Council’s work in Latin America, Asia, and India. A little background... We don’t need any more evidence for how difficult data security is. In payments alone the number of system components is so high that hardening them all has been functionally impossible. But we’re are making progress. There’s EMV. Data devaluation through encryption and two forms of tokenization - security tokens and payment tokens - reduces the amount of hack-worthy information available. Guiding, steering, nudging, and corralling the payment card ecosystem toward stronger security is the PCI Security Standards Council. The PCI SSC has developed a 12 step standards program for the secure treatment of payment card data that goes well beyond data devaluation. Various enterprises looking to protect their own data assets, not just card data, use PCI DSS to guide their security program. The Council’s activity is expanding along with the threats we face. As technologies emerge that benefit security, the Council considers how to employ and deploy them. For example, the Council has a certification program for the token service provider function that handles payment token vaulting and other life cycle management tasks. Another example is its soon to be released PIN Entry on COTS standard. Commercial Off the Shelf (COTS) devices include the smartphone that’s by your elbow or in your hand right now. The standard makes clear that, with the right card acceptance hardware, PIN entry via a software-driven screen, rather than a physical encrypting PIN pad, is secure.   As you'll hear on the podcast, this is an exciting time in payments security development. Broad deployment of many important tools will take many years. That's the real news. As they come online, however, there's already reason for optimism. We just have to use what we have and get others to do the same.

In this episode FinTech is heating up in the Nordics, where 11:FS’s Chris Skinner chairs the Nordic Finance Innovation Group. The region is punching above its weight in terms of innovation (Spotify and Skype, anyone?). You’ll hear interviews from Iren Tranvåg (@IrenTranvaag) – CEO at Nordic Finance Innovation; Søren Rode Andreasen (@RodeAndreasen) – Development Director for Core Banking at Danske Bank Group; Jarkko Turunen (@jarkkoturunen) – Head of Open Banking at Nordea; and Sergii Danylenko, Marketing Director at PrivatBank. We’re also joined by FinTech journalist Anna Irrera (@annairrera). News this week Finextra – The bank of the future will be invisible Link Reuters – Blockchain platform developed by banks to be open-source Link Coindesk – Hopes Are High Tomorrow’s Ethereum Fork Won’t Be Like the Last Link Finextra – New EU rules could cost UK firms £122bn in cybersecurity fines – PCI SSC Link Economist – Hide and seek: Bangladesh’s missing millions Link Forbes – Survey On Consumer Attitudes Toward Fintech Spells Trouble For Banks Link Quartz – Twitter fired its new VR manager because of something he posted to Facebook years ago Link The Nordic Web – The Q3 2016 Nordic Exit Analysis Link Got a burning question or just want to shout of how much you’re loving what’s in your ears right now? Contact us on Twitter @FinTechInsider or @11FSTeam, or email on FinTechInsider@11fs.co.uk The post Ep115 – Nordic FinTech: Thor the Win appeared first on 11FS. The post Ep115 – Nordic FinTech: Thor the Win appeared first on 11:FS.

New PCI Data Security Standards have been announced. Patrick Townsend of Townsend Security, a PCI SSC participating organization, speaks on best practices for meeting PCI compliance regulations and provides insight and commentary on the changes in compliance and enforcement.

The new PCI Data Security Standards (PCI DSS v2.0) are here and we’ve gotten a lot of questions about the changes related to encryption key management. Because we work with a lot of companies going through PCI compliance audits and reviews, the new standards just confirm the trends we’ve seen over the last few months on how QSA auditors and security professionals view encryption key management, and what they see as the minimum requirements for managing keys. In this podcast, Patrick Townsend speaks on current best practices, as well as what PCI has to say about integrated key management (why it isn't a good thing), dual control, separation of duties, and split knowledge.