The E3 Blog

Archive for June, 2011

Reducing the Scope of PCI-DSS, Increasing Compliance and Minimizing Risk

Tuesday, June 28th, 2011

Coalfire Systems, a leading Payment Card Industry (PCI) Qualified Security Assessor (QSA), performed two independent assessments of our E3™ end-to-end encryption solution. The first report, released in November 2010, documented that using the E3 standalone terminal has the potential to reduce PCI scope by up to 79 percent. The second report, released in January 2011, documented that using the E3 magnetic stripe reader (MSR) wedge could eliminate the need for PA-DSS validation and has the potential to reduce PCI scope by as much as 69 percent. Both reports contained two tables:

  1. The first table listed the 12 main PCI-DSS requirements and the potential scope reduction possible.
  2. The second table detailed the possible scope reduction for all 200+ individual PCI-DSS requirements.

Within the 2011 Verizon Data Breach Investigation Report, there was a table based on post-breach reviews that documents the percent of investigated organizations that were compliant with each of the specific 12 PCI-DSS requirements. The table included data from the 2008, 2009 and 2010 Verizon reports as well as the 2010 PCI Compliance Report.

I thought it would be interesting to compare the table of PCI-DSS requirements as documented by Coalfire in the E3 assessments to the average of the four reports that Verizon listed (last column). (more…)

Data Breach Intel

Thursday, June 23rd, 2011

The Verizon RISK Team recently released its 2011 Data Breach Investigations Report. This year's report included data from the U.S. Secret Service and the Dutch High Tech Crime Unit. The data reported spans 761 investigated compromise incidents in 2010 and contains some interesting results, especially for small and medium-sized businesses. The report is very well done and a must-read for anyone in the business of protecting their customers' data.

Here are some of the highlights:

  • 92% of attacks were not highly difficult
  • 96% of breaches were avoidable through simple or intermediate controls
  • 89% of victims subject to PCI-DSS had not achieved compliance
  • 83% of victims were targets of opportunity
  • 57% of investigations were businesses with 11-100 employees
  • 40% of breaches were in the hospitality industry (restaurants and hotels)

(more…)

 