Be Ready for PCI Changes Coming July 1

Just a friendly reminder to those who process credit card transactions that July 1 is a key date, in terms of security compliance.  On this date all North American merchants who process transactions must be making use of Payment Application Data Security Standard (PA-DSS) verified payment applications, in support of the Payment Card Industry Data Security Standard (PCI DSS).  A payment application is anything that processes a credit card transaction.  For example, the machine that swipes a credit card in a gas pump and the point of sale (POS) device at a convenience store counter are both considered payment applications, and need to be certified.  Failure to use verified devices could result in penalties.

Also, as this post over at NetworkWorld points out, all PCI DSS compliant businesses that are processing credit cards need to make sure that none of their Wi-Fi networks are using WEP (Wired Equivalent Privacy) to secure their access points after June 30, 2010.  Current access points offer WPA or WPA2 (Wi-Fi Protected Access) as a security protocol; however, if you have older access points in your network, you need to make sure they are not using the deprecated WEP protocol, as it is not secure.  Leaving such access points in place would jeopardize the PCI DSS standing of a merchant.

One last bit of PCI DSS news this month concerns the cycle at which updates to the PCI DSS standard will be published by the PCI Security Standards Council.  It was announced earlier this week that it will move to a three-year cycle when updating the technical standards for protecting payment card information. This new schedule will give merchants more time to adopt the changes, which has been a common request.

If you have questions about how to make sure your network is up to the task of providing compliant data security measures to safeguard your business and protect customer data, give us a call.  We’re ready to assist you with PCI DSS issues, and connect you to our PCI DSS approved payment processor extranet, which will ensure your business is using a secure network that is ready to protect the transactions your business relies on.

Posted on the MegaPath Connectivity Blog.

Credit Card Security Is Serious Business

Yesterday Janet Wong published an article on our blog about how a lack of security compliance can be costly to your business. Fewer than 24 hours later, VentureBeat reported how a certain Google search revealed the credit card numbers of some Blippy users. (Blippy is a social shopping site that describes itself as ‘a fun and easy way to see and discuss what everyone is buying’). The most recent post I’ve seen on VentureBeat asks if this incident will damage their business.

Philip Kaplan, one of the cofounders of Blippy (who some may remember as Pud at F——), has posted his response to the situation on Blippy’s blog. Blippy reports they worked with Google to remove the search results in about 2 hours’ time. It is also interesting to note that Blippy includes a special section entitled ‘Security’ on their Privacy Policy page.

All of this makes Janet’s post very timely, and I encourage you all to read it. To note that protecting the private data that customers (or in this case site users) entrust to your business is critically important almost seems like a given. While the saying goes ‘there’s no such thing as bad publicity’, in a case like this, I doubt it will hold true.

Posted on the MegaPath Connectivity Blog.

10 Topics for 2010

With the end of the year coming up fast, it seems like it is a good time to take a look at what 2010 has in store for us. Several trends in business connectivity have developed over the last year, and will continue to further evolve in 2010. Here is a list of 10 topics you should take into consideration as you do your planning for next year.

SIP Trunking – VoIP really exploded this year, due both to the increased functionality and the cost savings it offered to so many companies. In 2010, combining SIP trunking with MPLS and security is going to really take off.

Managed Security – Everyone knows that security is vital in today’s business climate. In fact, in many instances it is mandated. More SMBs and small enterprises, who don’t necessarily have dedicated IT staff, will be outsourcing this function to a partner whose 24/7/365 NOCs will monitor and ensure that communications integrity is maintained.

Extended Workforce – Several events over the last year, including the H1N1 flu pandemic and various disasters, highlighted the need for the workforce to be able to access corporate communications from their home offices. Telecommuting will see large scale adoption in 2010. Make sure you work with a partner who can reach your team wherever they are, and with DSL, Cable, Satellite and Wireless options.

Enterprise Social Networking – Facebook and Twitter exploded in 2009, and the communication capabilities they offer will invade the workplace in 2010. Look for various offerings in both internal and cross-company social networking in 2010, and make sure your network has the security and connectivity necessary to meet the demands of these applications.

Cloud Computing – We’ve been hearing about this one for a while, but I expect 2010 will be the year many companies move to adopt this technology. With Google and Microsoft both prepared with web applications, and with many companies having broadband connectivity in place, it seems like this is the year this might all come together.

Business Ethernet – Ethernet has always been a simple, high speed bandwidth option used for the LAN. In 2010, we will see large scale adoption of Business Ethernet for the WAN by SMBs and Enterprises due to the new economics that allow you to leverage these large pipes for a low cost.

Enterprise Video – Telepresence, Video Conferencing, Video Surveillance and Video Training will all see a major push in the next year, as businesses leverage these technologies to save costs, increase revenues and keep their workforces up to speed. It is vital that your network partner be ready with QoS enabled across many bandwidth options so that you can be sure the video gets through loud and clear.

Extended Enterprise – People now work wherever they happen to be. In 2010, we will see more adoption by Enterprises of systems and policies that allow people to access anyone, from any location, on any device, at any time. Managed SSL VPNs will enable businesses to realize such a goal, while lowering costs and ensuring the security of sensitive data at all times.

Wireless Data – The application of wireless technologies to business communications will continue to grow. For years now, businesses have leveraged wireless voice applications to great success. In 2010, we will continue to see more deployment of data applications across wireless networks, both 3G and 4G. Wireless data technologies can enable rapid provisioning of communications to a store, offer an excellent option for backing up wireline communications, and can be used by your mobile workforce to access corporate data on devices such as Netbooks.

Payment Card Security – Securing credit card transactions will be the focus of a great deal of activity in 2010. The Payment Card Industry Data Security Standard (PCI DSS) will continue to evolve (PDF), and changes in areas like wireless networking will need to be implemented in 2010. All levels of merchants should be working with a PCI DSS Validated Service Provider (PDF) payment card extranet partner to make sure they are ready for the changes in the coming year.

Posted on the MegaPath Connectivity Blog as “10 Topics for 2010.”

Nevada Bets on PCI

Nevada has become the latest state to integrate the PCI specification into state law. Previously, Minnesota’s Plastic Card Security Act (PDF) had gotten the ball rolling by including part of the specification, but Nevada (PDF) has written the entire standard into its law.

Looks like a trend to me, and I won’t be surprised to see other states using the Nevada law as a basis for their own efforts into the area of fraud prevention.

If you’re doing credit card transactions and you’re not PCI compliant right now, I think that pretty soon you will be. We have a white paper (PDF) available on Payment Data Security which will help you in getting started in your PCI efforts.

Posted on the MegaPath Connectivity Blog as “Nevada Bets on PCI.”