Friday, April 8, 2011

PCI DSS Applicability To Closed Accounts

We recently ran into some questions from multiple organizations regarding PCI DSS applicability to closed or inactive credit card account numbers. For example, when someone passes away, the disposition of their debts and assets may go through probate. What may happen during this process is the collection of all of the deceased’s debt accounts, including credit cards, to determine how claims will be paid from the estate. Based on discussions with some of our clients, the credit card accounts are closed before they are handed over to the probate organization. That being said, these organizations will have credit card data in their systems, albeit inactive account numbers.

Read more on SecureState's new blog site

Wednesday, April 6, 2011

Penalty Double Ups: PCI Intersects with State Privacy Laws

A lawsuit out of Massachusetts related to a breach of cardholder data by the Briar Group, LLC resulted in a $110,000 settlement by the company. This is interesting news, as it shows that penalties for not protecting cardholder data can hit you from both the card brands and regional privacy lawsuits. Although the amount of the settlement is not extremely high, the other requirements coming out of the settlement can definitely push those costs up.

Read more on SecureState's new blog site

Tuesday, April 5, 2011

The Importance of System Logging

This blog is more of a success story than anything else. I want to bring to light a small business with fewer than six employees that properly implemented auditing. As you may or may not know, Windows allows a user to audit Logon and Logoff events. This is extremely important, especially when you are trying to figure out who is using, or has attempted to use, your system.

Read the entire post on SecureState's new blog!
