The Payment Card Industry Security Standards Council reacted swiftly to the restrictions brought about by the COVID pandemic and published the PCI Remote Assessment Rules and Recommendations.
PCI SSC allows synchronous and asynchronous remote testing methods in all areas of compliance and the cardholder data environment (CDE). Except where travel restrictions apply, onsite assessment continues to be the expected method for validation assessments, so that sufficient evidence can be collected and ROC and AoC certifications issued.
Details are available directly from the PCI SSC website.
Your application will stop working if you continue to use any version lower than TLS 1.2 beyond the dates mentioned below:
Is your organization still using the SSL/early TLS protocols? Do you work with online and e-commerce partners or customers who haven't yet started the migration away from SSL/early TLS to a more secure encryption protocol? There are many serious vulnerabilities in SSL and early TLS that, if left unaddressed, put organizations at risk of being breached. As there are no fixes or patches that can adequately repair SSL or early TLS, it is critically important that organizations upgrade to a secure alternative as soon as possible and disable any fallback to both SSL and early TLS.
"Since July 2016, Visa has received reports of an ATM “Jackpotting” incident targeting ATMs in the Asia-Pacific region. To date, according to public reporting surrounding the incident investigation, four malware file names and three file hashes associated with the malware have been identified. Visa continues to analyze these indicators of compromise (IOCs) associated with this recent incident. While these IOCs are specifically associated with an investigation involving ATMs in the Asia-Pacific region, Visa notes that the methods employed by the criminals in this incident represent a broader criminal threat to ATM manufacturers/models worldwide and their deployers, as per Visa
Every business, of any size, that accepts credit or debit cards online or in person must be PCI DSS compliant. From January 2017 this requirement is mandatory for the smaller, Level 4 merchants as well.
Business owners need to be aware of the business and financial impact of a breach: Visa levies a fine of 5,000 dollars per month until the breach is remediated and compliance is achieved. Other card brands impose similar fines in the event of a breach or non-compliance.
Visa has highlighted two security issues regarding Magento vulnerabilities and PoSeidon POS malware in the attached data security alerts: