The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder data. One of the key (and almost always applicable) requirements of PCI DSS is that organizations must perform internal and external penetration testing for the entire scoped environment—this not only applies to systems that store, process, or transmit cardholder data, but also those that can impact the security of cardholder data.
Among the many changes in the new PCI DSS v4.0 are those regarding requirement 11.4.4, which refers to the remediation of "exploitable vulnerabilities" and "security weaknesses”—though history has more clearly established what is meant by the former, there may be some confusion concerning the latter as organizations continue to make the transition to the new version.
While most healthcare providers don’t recognize that managing and securing payment data follows the same notions as managing and securing protected health information (PHI), from concept to implementation, these can, and should, work hand in hand.
As in nature, many elements function together to support the payment ecosystem, which—as a whole—creates what is our largely digital economy. Of course, due to the sensitivity of the information contained within that ecosystem, some elements are subject to compliance with the PCI DSS security requirements.
One of the latest intriguing developments in the field of artificial intelligence (AI) is ChatGPT—a natural language chatbot that answers questions submitted by a human user. It’s taken off in such a way that many are using ChatGPT to assist in streamlining their writing needs, but how helpful is the bot, really?
In the film classic, Indiana Jones and the Raiders of the Lost Ark, our hero Indy tries to beat the booby trap security in a cave to steal a golden idol. He thinks he’s won when he switches the idol for a similarly sized bag of sand, but then finds he has to navigate flying darts, a dropping wall, and a chasm before he’s through.
It seems like Apple releases a new version of the iPhone every year these days, and despite all the new iterations featuring similar looks, builds, and functions, there’s always that period where everyone has to get used to the new thing.
Banking regulation has always been a bit of a tennis match—a back-and-forth between more regulation, and then less. Before the shift to deregulation starting in the 1980s, banks adhered to state and federal banking laws, as well as narrow lines of business. After years of phased-in deregulation, the pendulum swung back. Now regulatory and industry compliance for banks includes more rules than ever before: privacy laws, federal trade regulations, non-bank industry regulations, and community impact reporting.