Posts tagged PCI

3 min PCI

How PCI Compliance Helps Keep Your App’s Credit Card Data Safe

In this blog, we break down why you and your organization should be committed to the Payment Card Industry Data Security Standard (PCI DSS, or PCI).

3 min InsightIDR

Utilize File Integrity Monitoring to Address Critical Compliance Needs

To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.

2 min Compliance

The British Airways Breach: PCI is Not Enough

Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.

4 min InsightIDR

PCI DSS Dashboards in InsightIDR: New Pre-Built Cards

No matter how much you mature your security program [https://www.rapid7.com/fundamentals/security-program-basics/] and reduce the risk of a breach, your life includes the need to report across the company, and periodically, to auditors. We want to make that part as easy as possible. We built InsightIDR [https://www.rapid7.com/products/insightidr/] as a SaaS SIEM [https://www.rapid7.com/solutions/siem/] on top of our proven User Behavior Analytics (UBA) [https://www.rapid7.com/solutions/user-beh

2 min Nexpose

Maximizing PCI Compliance with Nexpose and Coalfire

In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build their PCI Approved Scan Vendor offering. PCI was just a few years old and merchants were struggling to achieve and document full compliance with the highly prescriptive Data Security Standard. Our goal was to find that classic sports car blend of style and power: a vulnerability assessment solution that was as streamlined and easy to use as possible, but robust enough to significantly improve the customer's security.

2 min Compliance

Top 3 Takeaways from the "PCI DSS 3.0 Update"

In this week's webcast, Jane Man [/author/jane-man] and Guillaume Ross [/author/guillaume-ross] revisited the latest PCI DSS 3.0 requirements. Security professionals need to be diligent to remain compliant and secure. Jane and Guillaume discussed some key results from the Verizon 2015 PCI Compliance Report, tips and tricks for complying with requirements 7, 8, and 10, and touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways from the “PCI DSS 3.0 Update: How to Restrict

2 min Metasploit

Creating a PCI 11.3 Penetration Testing Report in Metasploit

PCI DSS Requirement 11.3 requires that you "perform penetration testing at least once a year, and after any significant infrastructure or application upgrade or modification". You can either conduct this PCI penetration test in-house [/2011/10/20/pci-diy-how-to-do-an-internal-pentest-to-satisfy-pci-dss-requirement-113] or hire a third-party security assessment. Metasploit Pro offers a PCI reporting template, which helps you in both of those cases. If you are conducting the penetration test in

1 min PCI

PCI Compliance Dashboard - New version including SANS Top20 Critical Security Controls

Hi, According to what we are hearing from the field, there are quite a large number of active users of this PCI Compliance Dashboard out there. Encouraged by your feedback and your assistance, we worked on this new release. Among other great enhancements, it encompasses references to the SANS Top 20 Critical Security Controls. A deeper analysis paper on PCI-SANS matching and deviation areas will follow, but from now on, enjoy this new version of the PCI Compliance Dashboard. What's New? * Add a tabl

2 min Metasploit

PCI DIY: How to do an internal penetration test to satisfy PCI DSS requirement 11.3

If you're accepting or processing credit cards and are therefore subject to PCI DSS, you'll likely be familiar with requirement 11.3, which demands that you "perform penetration testing at least once a year, and after any significant infrastructure or application upgrade or modification". What most companies don't know is that you don't have to hire an external penetration testing consultant - you can carry out the penetration test internally, providing you follow some simple rules: * Sufficie

1 min PCI

What to do if your organization can't demonstrate four passing PCI internal or external scans

Two cases: 1) Your company is assessed for the first time: Entities participating in their first ever PCI DSS assessment are only required to demonstrate that the most recent scan result meets the criteria for a passing scan, and there are policies and procedures in place for future quarterly scans, to meet the intent of this requirement. So to be compliant with 11.2 the first time you are assessed, you only need to demonstrate that the most recent scan is a PASS. 2) Reassessment (from th

2 min PCI

PCI Newsletter #2 - Payment processing terminology and workflow

Hi Everyone, This is our second PCI 30 sec newsletter. One cannot move through the PCI ecosystem without a basic understanding of the payment processing terminology and workflow. So let's have a look behind the scenes. The payment processing terminology: In a nutshell, the payment transaction can be depicted as follows: We have cardholders that make payment card purchases from merchants, merchants that send payment transaction data to their acquirers, and acquirers that send payment transacti