Category Archives: Compliance

Laptop Encryption Can Save Companies Compliance Headaches

Are you aware of the type of data being carried around by your employees? Are your employees aware of company policy regarding the handling of customer data?

Only a decade ago, encrypting computer hard drives was a novel security idea; now it is practically required by compliance regulations. (And if it’s possible for someone to carry a PC out of your offices, consider encrypting the desktops’ hard drives too.)

Although few compliance requirements actually mandate the use of laptop encryption, it is definitely needed if laptops routinely carry sensitive payment card, health care, or financial data that fall under PCI DSS, HIPAA, GLBA and Federal Financial Institutions Examination Council security guidelines.

via Laptop Encryption Can Save Companies Compliance Headaches | Sword & Shield Enterprise Security, Inc.

PCI tokenization guidance could benefit payment processors

Options continue to open for methods of credit card processing and PCI compliance.

The Payment Card Industry Security Standards Council (PCI SSC) is expected to release guidance later this year on the use of tokens to replace credit card data, a move that could benefit some payment processors that sell technologies using encryption and tokenization to eliminate sensitive card information from merchant systems.

In a recent interview, Bob Russo, general manager of the PCI SSC, said he didn’t expect any major changes to PCI DSS, which is undergoing a revision this year. But guidance documents are being developed to help merchants decide whether investing in encryption or PCI tokenization technologies is a wise move.

and

Depending on the industry, merchants have the ability to store the data either encrypted or replaced with a token on their own servers, or send the data to the payment processors’ systems, where it is stored for later use. One industry expert said the PCI guidance will make it clear that merchants could be PCI certified if they have no ability to access the sensitive data.

via PCI tokenization guidance could benefit payment processors.