Questions?
Contact us at +1.703.483.6383
or email us at contact@controlcase.com
We are ready to help!
Sincerely,
The ControlCase Team
|
ControlCase IT-GRC Conference Photos
|
Welcome!
Hello and welcome! We bring you the latest news on compliance, security and governance - everything you need to know to address current regulations and to manage your IT operations efficiently and cost-effectively. This is your newsletter, so please feel free to submit suggestions for topics you'd like to see us address in future issues. Send us your ideas at contact@controlcase.com. We look forward to hearing from you!
|
New PCI DSS Risk Assessment Guidelines
The PCI Security Standards Council recently released new PCI DSS Risk Assessment Guidelines. To download, click here.
|
Slide Decks from Recent Conferences Now Available
Many thanks to those of you who attended our annual ControlCase IT-GRC Conference in Bangkok last October and our most recent webinar on PCI Compliance in the Cloud. For those of you who weren't able to attend, we've uploaded the presentations to our SlideShare account.
Here are the download links:
|
PCI Compliance in the Cloud: Webinar Updates
Last month, over 150 people registered to learn how to safely move their card data to the cloud, without exposing themselves to undue risk. We showed attendees what PCI DSS compliance in the cloud looks like, how it's different from traditional compliance, and what they needed to do to become compliant. Attendees also received a convenient PCI Compliance in the Cloud Checklist for easy reference following the webinar.
We've uploaded the presentation and the checklist to the ControlCase SlideShare account so you can have access to materials even if you didn't make the webinar - see the article above for the link. Look for an announcement soon for our next webinar!
|
ControlCase IT-GRC Conference Roundup
In October, we were delighted to see nearly 150 ControlCase clients from 15 countries gathered in Bangkok for the annual ControlCase IT-GRC Conference. Attendees - including banks, merchants and service providers - discussed such pressing topics as tokenization and PCI DSS compliance for banks, for mobile payments, and in the cloud.
For those of you who weren't able to attend, we've uploaded the presentations to our SlideShare account; the links are listed above. We've also added some photos from the event in the menu on the left. We hope to see you there next year!
|
ControlCase Certifies Snapfinger for PCI Compliance
We're pleased to announce that we have certified Snapfinger Inc., the nation's largest and most comprehensive restaurant food ordering and payment application, as Level 1 PCI DSS compliant for the sixth year in a row. This comes after continuous monitoring and maintenance of the compliance of the company's secure payment application, processes and procedures.
Snapfinger was the first restaurant food ordering application to achieve PCI DSS compliance back in 2006, according to Snapfinger CEO Jim Garrett. The company has continued to maintain Level 1 compliance by having an on-site inspection every year.
"Because Snapfinger is the only mobile ordering application that is fully integrated into the restaurant's point of sale (POS) system, PCI compliance is imperative and allows us to provide a secure platform for our restaurant partners," explained Garrett.
Snapfinger will process more than 12 million online orders in 2012, totaling more than $250 million in sales. About 70% of those transactions will include a secure credit card payment into more than a dozen different POS systems and into more than 18 different credit card processors.
Snapfinger chose ControlCase to certify its compliance with PCI DSS because we provide a reliable turnkey compliance solution at a significant cost savings. Through our unique CaaS platform, we provide Snapfinger with a single source for such services as compliance issue tracking, vulnerability scanning, penetration and application security testing, sensitive data discovery, firewall security, event logging and monitoring, user access review and vendor risk management. Our offering also provides continuous 24/7 monitoring of PCI DSS compliance, to ensure customer data is more secure and better protected.
For more information on how our CaaS platform can simplify PCI compliance for your organization, go to: http://www.controlcase.com/CaaS-Compliance-as-a-Service.htm.
|
IQ Information Quality Uses ControlCase Data Discovery to Locate Unencrypted Data
Colombia's first PCI Qualified Security Assessor (QSA) is now using ControlCase Data Discovery (CDD) to help its clients find unauthorized or undocumented credit and debit card data within their systems.
IQ Information Quality, located in Bogota, Colombia, provides electronic information security services in the areas of ITIL, ISO 27001, COBIT and PCI DSS. As a QSA, the company is authorized to assess whether organizations that process, store or transmit sensitive payment card data comply with PCI DSS requirements.
The presence of unknown, unencrypted or prohibited credit card data is the leading cause of card data loss, disclosure and identity theft. Finding and removing this unauthorized or undocumented data is a key requirement for businesses seeking to comply with the PCI DSS.
IQ Information Quality will use the CDD product to help its clients achieve PCI DSS compliance. CDD is one of the first comprehensive scanners to search for credit card data not only in file systems, but also in commercial and open-source databases. CDD searches for credit card data, including PAN, track data, PINs and CVVs, in file systems, shared drives, databases and removable drives across the user's network, eliminating the need to run separate scans on each computer. The scans can also be set to run on a continuous schedule, giving organizations peace of mind that they will remain PCI DSS compliant.
"We are thrilled with the broad functionality of CDD," says David Guillermo Angarita of IQ Information Quality. "We can conduct searches quickly and easily. We can search the most popular databases like Oracle, SQL Server and MySQL. And we can do it all from one central location, without having to install and maintain agents on each computer our clients may have in their network. CDD allows us to provide an extremely high level of service and value to our clients."
For more information about ControlCase and the CDD product, go to http://www.controlcase.com/data_discovery.htm.