Archive for November, 2008

Internet Thieves Make Big Money Stealing Corporate Info

Monday, November 24th, 2008

A harmless-looking posting appeared on a Houston-based technology company’s internal website on a recent Friday afternoon.

A couple of workers saw it, and obeyed instructions to click on a Web link. The posting seemed trustworthy. It was on an employees-only message board. And the link referenced news about a favorite company charity.

By clicking on the link, the workers infected their PCs with a virus that shut down the company’s antivirus defenses, says Don Jackson, director of Threat Intelligence at Atlanta-based SecureWorks, who investigated the break-in.

That Sept. 19 caper underscores an alarming shift in the teeming world of Internet crime.

See the full article in USA Today.

Protecting Card Holder Data and PCI Compliance

Monday, November 17th, 2008

Part III - Protect Cardholder Data - Storage of Data

Requirement 3: Protect stored cardholder data

The next part of PCI compliance concerns cardholder data: the credit card information people enter on your site(s). To be PCI compliant, stored data must be protected. This can involve encryption, truncation, masking, and hashing. Stored data should be kept to a minimum.

In addition to protecting stored data, an agency must also develop ways to limit the damage that may occur if data is compromised. This includes establishing a data retention and disposal policy, and not storing sensitive data after authentication has occurred.
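As an added illustration (not code from the PCI standard or from this site), the sketch below shows how masking, truncation and hashing differ in practice, and how a payment record can be reduced before it is stored. The field names, the first-six/last-four truncation format, the HMAC-SHA256 choice and the sample key are assumptions made for the example.

```python
import hashlib
import hmac

# Assumed field names for data that must not be kept after authentication.
SENSITIVE_AUTH_FIELDS = {"cvv", "track_data", "pin_block"}


def _digits(pan: str) -> str:
    """Strip spaces/dashes and reject anything that is not a 13-19 digit PAN."""
    d = pan.replace(" ", "").replace("-", "")
    if not (d.isascii() and d.isdigit() and 13 <= len(d) <= 19):
        raise ValueError("not a card number")
    return d


def mask_pan(pan: str) -> str:
    """Masking: what a screen or receipt shows. Only the last four digits."""
    d = _digits(pan)
    return "*" * (len(d) - 4) + d[-4:]


def truncate_pan(pan: str) -> str:
    """Truncation: what is stored. Middle digits are discarded, not hidden."""
    d = _digits(pan)
    return d[:6] + "X" * (len(d) - 10) + d[-4:]


def pan_token(pan: str, key: bytes) -> str:
    """Keyed hash for matching repeat cards. An unkeyed hash stored next to
    the truncated PAN would leave only the middle digits to guess."""
    return hmac.new(key, _digits(pan).encode(), hashlib.sha256).hexdigest()


def to_stored_record(request: dict, key: bytes) -> dict:
    """Reduce a payment request to the minimum worth keeping."""
    kept = {k: v for k, v in request.items()
            if k not in SENSITIVE_AUTH_FIELDS and k != "pan"}
    kept["pan_truncated"] = truncate_pan(request["pan"])
    kept["pan_token"] = pan_token(request["pan"], key)
    return kept


# Constructed sample input; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_REQUEST = {"pan": "4111 1111 1111 1111", "cvv": "123",
                  "expiry": "12/10", "amount": "19.99"}
SAMPLE_KEY = b"constructed-demo-key-not-for-production"

if __name__ == "__main__":
    print(mask_pan(SAMPLE_REQUEST["pan"]))
    print(to_stored_record(SAMPLE_REQUEST, SAMPLE_KEY))
```

In a real deployment the HMAC key would live in a key management system separate from the database holding the records.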

Full guidelines for PCI compliance can be found at the PCI Compliance website.