Mobile payments as a financial transaction medium emerged around a decade ago. Adoption was slow due to the nature of the mobile technology supporting the concept. However, recent significant advances on the technology front have made this area one of burgeoning growth in the financial services sector. Services-based and text-based payment and proximity device communications are appearing worldwide. Widespread use of smartphones and consumer comfort with mobile devices for more than communication are the principal drivers of a resurgent and increased interest in mobile payments. In addition, advances in software and hardware security techniques have made trusted financial transactions possible from these devices. This white paper examines the current state and nature of the mobile payments market and some of the relevant enabling technologies, and looks at the relevant risk, security and assurance issues that security and audit professionals will want to consider when developing and evaluating mobile payment services.
|
Posted by ISACA 398 days ago
|
Volume 2, 2012
by Steve Markey
This article discusses the genesis for CSIR testing and several testing methodologies and/or exercises with which an organization can assess the maturity of its CSIR plan/program.
|
Volume 1, 2012
by Mathew Nicho, Ph.D., CEH, SAP-SA, RWSP
With more and more transactions based on credit cards, merchants dealing with these are forced to comply with standards such as PCI DSS v2.0 or face huge penalties.
|
Volume 1, 2012
by Prakhar Srivastava and Tarun Verma
Log management can play a pivotal role in addressing PCI DSS requirements, be a success factor and enabler for safeguarding cardholder transaction data, and provide a secure and vulnerability-free environment for cardholders.
|
Volume 6, 2011
by Pritam Bankar, CISA, CISM and Sharad Verma
This article is intended to showcase the changes made to PCI DSS v2.0 over v1.2 to further assist with detailed understanding of the control requirements to facilitate the PCI compliance process.
|
Volume 2, 2011
by Pritam Bankar, CISA, CISM and Sharad Verma
This article contains the results of a mapping of Payment Card Industry Data Security Standard (PCI DSS) v2.0 controls with COBIT 4.1.
|
Volume 1, 2011
by Tim Horton
The leading reason why companies fail their Payment Card Industry Data Security Standard (PCI DSS) assessment is that they fail to protect cardholder data.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
Family-owned Cisero's claims Elavon Inc., its former payments processor, and U.S. Bank, its former acquirer, illegally charged the Park City, Utah, restaurant fees and fines after an alleged card breach. Elavon and U.S. Bank are part of U.S. Bancorp.
Contracts between merchants, acquiring banks and processors are complicated. "The entire system is like a complex labyrinth of rules, contracts, security standards and other processes that most merchants believe is stacked against them," says David Navetta, founding partner of the Information Law Group who has represented merchants in similar situations. "It is a difficult and expensive process."
...
|
Although a bit old (from August 2011), it is a very useful "Information Supplement".
This Information Supplement provides guidance and recommendations for deploying wireless networks including 802.11 Wi-Fi and 802.15 Bluetooth technologies, in accordance with the Payment Card Industry Data Security Standard (PCI DSS). The goal is to help organizations understand and interpret how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and to provide practical methods and concepts for deployment of secure wireless in payment card transaction environments.
This document focuses on 802.11 Wi-Fi and 802.15 Bluetooth technologies, and does not cover cellular networks (GSM, GPRS, etc).
All references made to the PCI DSS in this document refer to PCI DSS version 2.0.
|
How to comply with the global standard without breaking the bank.
Contributed by ISACA on 30 Jun 2010
|
Does your organization treat compliance as a set of check boxes designed to meet the auditors' requirements? If so, you are wasting a lot of time, money and precious IT resources. This white paper is a roadmap for making compliance a painless, efficient, and routine part of your processes.
Contributed by ISACA on 30 Jun 2010
|
There are a number of changes that financial institutions need to review in version 1.2 to determine the impact to their organization.
Contributed by ISACA on 29 May 2010
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 0 comments
|
As many of you will know, version 2.0 of the PCI-DSS standard was recently published, so I thought it might be interesting to share my analysis of the changes (the PCI Council has published a document titled "Summary of Change...
Posted By : Antonio Ramos | 0 comments
|
Continuing from the previous post, we are going to discuss the other document released by the PCI Council at the beginning of October, concerning the applicability of PCI-DSS in EMV environments [pdf]. Given the doubt that could arise about whether in EMV environments we had to...
Posted By : Antonio Ramos | 0 comments
|
On 5 October, the PCI Council published a guide called "Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance" (pdf) given the growing importance of this technology (better known as P2PE) and the many interpretati...
Posted By : Antonio Ramos | 0 comments
|