Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
A merchant is defined as any entity that accepts payment cards from the five brands (American Express, Discover, JCB, MasterCard, or Visa)
The PCI Security Standards Council defines a service provider as a Business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data. This also includes companies that provide services that control or could impact the security of cardholder data.
Note that a merchant that accepts payment cards as payment for goods and/or services can also be a service provider, if the services sold result in storing, processing, or transmitting cardholder data on behalf of other merchants or service providers. For example, an ISP is a merchant that accepts payment cards for monthly billing, but also is a service provider if it hosts merchants as customers
As a merchant, you are required to be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a set of comprehensive requirements developed by the major card brands to facilitate the adoption of consistent data security measures.
The core of PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
PCI Validation Requirements
Outsourcing the payment page doesn’t eliminate your PCI DSS responsibility. When you outsource to a third party service provider, the point of redirection needs to be protected. You also have ...
