The Green Sheet, Inc

The Green Sheet Online Edition

December 10, 2012  •  Issue 12:12:01


PCI SIG risk assessment guidance released

The PCI Security Standards Council (PCI SSC) recently released a set of best practices designed to help organizations assess and correct security vulnerabilities.

The supplement's objective is to help merchants, service providers, acquirers and issuers comply with the Payment Card Industry (PCI) Data Security Standard (DSS). The document was produced by the PCI Risk Assessment Special Interest Group (SIG), which included representatives from banks, retailers, security assessors and technology vendors.

The PCI DSS requires businesses to have a process for assessing payment card data threats and vulnerabilities in their payment systems. This is in addition to requiring that businesses take certain steps to protect data, as well as correct vulnerabilities found.

A risk assessment helps companies to reduce exposure to data theft. The new PCI DSS Risk Assessment Guidelines Information Supplement offers guidance from members of more than 60 payments industry organizations.

A key focus area for stakeholders

"As there are a number of risk assessment methodologies out there, our stakeholders were looking for guidance on how to effectively apply these principles to their organizations to meet PCI requirements," said Bob Russo, General Manager of the PCI SSC. "As an open standards body, SIGs are one of the many ways we're able to tap into the brain trust that is our global community."

The supplement recommends that businesses formalize risk assessment methodology in a simple way that accommodates the corporate culture and organizational requirements. It also urges businesses to implement risk assessment continuously to mitigate threats and vulnerabilities quickly.

The document additionally reminds businesses that implementing risk assessment doesn't relieve the organization of its duty to comply with the PCI DSS or other PCI standards. And it emphasizes formal training on risk assessment processes for risk assessors to help them understand threats and vulnerabilities that could negatively impact their companies' systems.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
