Despite the best precautions, it is impossible to protect your network against every attack. When the inevitable happens, your log data can be critical for identifying the cause of the breach and collecting evidence for use in the legal system. That is, if your logs were properly configured before the breach happened.
Article Source: http://www.cpatechnologyadvisor.com/print/The-CPA-Technology-Advisor/Are-Your-QuickBooks-Clients-PCI-Compliant/1$2917
Just in case you don’t already have enough to do, I have a suggestion for your next billable service that may provide a nearly endless amount of billable work for you and your firm.
If you haven’t heard by now, the Payment Card Industry (PCI) Security Standards Council has developed a rigorous set of “data security standards” (DSS) for how businesses must protect the security of customer credit card numbers.
The latest PCI-DSS compliance stats for the U.S. released by Visa on Monday (August 2) show a tiny increase in the compliance rate for Level 1 retailers since the last report, from 95 percent to 96 percent. The increase, though, may be a statistical anomaly: The number of merchants in that category dropped from 360, where it had been for the last two reports, down to 358. If one of those retailers was non-compliant, that might explain the difference right there.
By Practical eCommerce's count, there are nearly 600 English-language shopping carts. These include hosted carts, licensed software carts and open-source carts. There are small ones with just a few clients, and large ones with tens of thousands of clients.
The huge growth in payments for goods or services over the internet, or by phone or mail, cost merchants about $89 million last year through fraud in transactions where the seller never sees the credit card.
CQR Consulting technical assurance director Phil Kernick said this "card-not-present" type of fraud was up 20 per cent from 2008.
Global PCI DSS Training Program Reduces Cost of Meeting Compliance Requirements
Many technologies focus on security, while others have security features built into them. Choosing the right technology to meet your security requirements can be overwhelming. Yet any technology would be rendered useless without operational security. Incorrect implementations, misconfiguration, poor procedures, lack of contingency plans, and untrained or undisciplined personnel all contribute to poor operational security.