3Delta Systems has announced that it has been certified to directly process electronic payment transactions with RBS WorldPay. RBS WorldPay offers merchants an range of payment processing solutions – from face-to-face to online, servicing all sizes and sectors of business. READ MORE

Commidea, a card payment processing solution provider in the UK, has announce the launch of Ocius Sentinel - calling it "the UK's first solution to offer both true end-to-end dual encryption and tokenisation. Ocius Sentinel has been fully certified for use by the major UK acquiring banks." READ MORE

CyberSource has announced the incorporation of automated account updating services into its Enterprise Payment Security 2.0 solutions. According to the company, "customer billing records tokenized in CyberSource's remote secure storage servers can now be automatically updated with new account information (such as bank card expiration data or replacement card number) via the CyberSource Account Updater Service." READ MORE

First Data and RSA have announced they are teaming up to provide a new service called First Data Secure Transaction Management - "engineered to enable merchants to secure payment card data and remove it from their environment while allowing access when needed." The new service "is designed to dramatically reduce the cost and complexity of complying with the Payment Card Industry Data Security Standard (PCI DSS)." READ MORE

VeriFone has announced the formation of a Global Security Solutions Business Unit - saying it will be "focused on delivering innovative security solutions, including VeriShield Protect end-to-end encryption, to protect cardholder data throughout merchant and processor systems." Jeff Wakefield, formerly vice president of marketing for VeriFone’s Integrated Systems business, was named general manager and vice president of the new business unit. READ MORE

Glenbrook is looking for more information about providers who are providing tokenization and/or encryption products/services to merchants to help them reduce the scope of their PCI-DSS compliance obligations?

Last week, several companies responded to our Twitter tweets and LinkedIn status asking for more information - if you've already responded via email, there's no need to do so again!

But, If your company does provide tokenization/encryption services and hasn't already responded, then please do respond to this survey and tell us more about your offering. You can click "Read More" to answer our mini-survey or click here to open a fresh copy. READ MORE

Radisson Hotels & Resorts has issued an open letter to its customers informing them that the computer systems of some Radisson hotels in the U.S. and Canada were accessed without authorization. According to the company, "this unauthorized access was a violation of both civil and criminal laws. Radisson has been coordinating with law enforcement to assist in their investigation of this incident. While the number of potentially affected hotels involved in this incident is limited, the data accessed may have included guest information such as the name printed on a guest’s credit card or debit card, a credit or debit card number, and/or a card expiration date." READ MORE

Based on an interview with Heartland Payment Systems CEO Robert Carr, Rachael King writes for BusinessWeek about lessons learned during the Heartland data breach that began in 2008 and was discovered and announced in January 2009.

Merchant Link has announced that it will offer later this year its TranactionVault hosted credit card security product and service to users of the latest version of the MICROS OPERA Property Management System (PMS). READ MORE

The Payment Card Industry (PCI) Security Standards Council must take the lead in developing a collaborative approach with merchants in defining more open standards for future PCI Data Security Standard (DSS) requirements, stressed NACS (the National Association of Convenience Stores) and several other trade associations in a June 8 letter to the Council. READ MORE

Hypercom, Ingenico, and VeriFone have announced the formation of the Secure POS Vendor Alliance - SPVA, a non-profit business organization chartered with implementing common payment security standards among vendors of secure point-of-sale (POS) devices used by retailers, acquirers and cardholders alike. READ MORE

More electronic records were breached in 2008 than the previous four years combined, fueled by a targeting of the financial services industry and a strong involvement of organized crime, according to the "2009 Verizon Business Data Breach Investigations Report" released today. Full press release here. READ MORE

Visa chief enterprise risk officer Ellen Richey told security experts today that payment card data fraud rates remain near historic lows despite economic woes and high-profile compromises, and called for continued industry investment, collaboration and innovation, three key components in keeping the electronic payment system secure in the future. She made her comments to a gathering of business, government, academic and law enforcement officials at Visa's Global Security Summit, its third cross-functional symposium on payment security, held in Washington, DC. READ MORE

Voltage Security has announced major enhancements to Voltage SecureData, supporting more environments and platforms, including end-to-end encryption across distributed environments such as those used by retail and payment processors. "Voltage customers are finding it easier to protect their data end-to-end, comply with regulations and protect sensitive customer information from the moment it is collected." READ MORE

Heartland Payment Systems has announced that "it has formed an internal department dedicated exclusively to the development of end-to-end encryption to protect merchant and consumer data used in financial transactions. For the past year, Robert O. Carr, Heartland's chairman and chief executive officer, has been advocating for payments industry adoption of this technology - which will protect data at rest as well as data in motion - as an improvement for payment transaction security." READ MORE

With all of the news this week surrounding the payment card data breach at Heartland Payments Systems, we've added a new section to the Payments News Bookstore with several new books covering the topic of PCI-DSS (Payment Card Industry-Data Security Standard) compliance. If you're aware of any we've missed, please send us Feedback and we'll add them to the bookstore.

In addition to these books about the subject, the PCI Security Standards Council website is a great starting point for learning more about PCI-DSS.

Heartland Payment Systems issued a press release today saying that it had "added more than 400 merchants to its client base in the past few days - exceeding results for the same period from last year" - and including a statement from founder, chairman and CEO Robert O. Carr on the response his organization has made to the announcement earlier this week of a payment card data breach at Heartland. READ MORE

Eric Dash and Brad Stone report for the New York Times on the payment card data breach announced yesterday by Heartland Payment Systems. The compromise may have occurred as early as last May but wasn't detected until late last fall.

The Heartland breach also showed that in spite of the adoption of more stringent standards and tougher oversight by banks and credit card companies, consumers are still vulnerable."

Heartland Payment Systems has announced it has learned it was the victim of a security breach within its processing system in 2008. Heartland says it "believes the intrusion is contained." The company has created a website for "to provide information about this incident and advises cardholders to examine their monthly statements closely and report any suspicious activity to their card issuers."

Brian Krebs reports for the Washington Post that the breach "may have led to the compromise of more than 100 million credit and debit card transactions."

The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards.

Discover Financial Services has announced it is rolling out an enhancement to its Discover Information Security and Compliance (DISC) program that the company says "will streamline the validation and reporting process, making it easier for merchants that process transactions on the Discover Network to communicate their compliance with the PCI Data Security Standard (DSS)." READ MORE

Fireman’s Fund Insurance Company has announced the introduction of what it's calling "the first coverage for retailers that experience a breach of their payment card security system." READ MORE

[Reposted from my personal blog: www.sjl.us]

I happened to hear from Peter Wayner that he's got new editions of both his Disappearing Cryptography (third edition) and Translucent Databases (second edition) now available.

Disappearing Cryptography is available from Amazon while it looks like Translucent Databases, for the moment anyway, is only available on the publisher's web site.

The PCI Security Standards Council (PCI SSC) has announced that it has launched a quality assurance program for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). According to the PCI SSC, "the new program was designed to provide QSAs and ASVs with a set of requirements that helps ensure they provide consistent, quality validation and assessment services to merchants and service providers." READ MORE

The PCI Security Standards Council, the standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), has announced it will be offering a complimentary webinar, "Understanding PCI DSS Version 1.2,” to be held on Tuesday Nov. 25, 2008 at 11:30 a.m. EST and at 7:30 p.m. EST. The session will be repeated on Wednesday Dec. 17, 2008 at 10:30 a.m. EST and 8:30 p.m. EST. READ MORE

Visa has announced global mandates for compliance with the Payment Card Industry Data Security Standard (PCI DSS) - saying it is "creating a consistent framework for compliance among merchants, service providers and their agents." READ MORE

mChek has announced it has been certified as compliant with the latest Payment Card Industry, Data Security Standard 1.2. mChek believes it is "one of the first payment products globally to be certified as PCI DSS 1.2 compliant." READ MORE

The PCI Security Standards Council (PCI SSC) has announced the general availability of version 1.2 of the Payment Card Industry Data Security Standard (PCI DSS). According to the Council, "this latest version is the culmination of two years of feedback and suggestions from its industry stakeholders and is designed to clarify and ease implementation of the foremost standard for cardholder account security. Version 1.2 is effective immediately and version 1.1 of the standard will sunset on Dec. 31, 2008. The updated standard and supporting documentation is available on the Council’s Web site at https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml." READ MORE

The PCI Security Standards Council (PCI SSC) has announced the availability of a summary of forthcoming changes to PCI DSS as it moves from version 1.1 to the previously announced version 1.2 in October. READ MORE

CyberSource and Trustwave have announced a partnership to provide payment security solutions to Trustwave and CyberSource merchants in the United States and Europe. The solutions "will help merchants streamline compliance validation with the Payment Card Industry Data Security Standard (PCI DSS), providing a complete set of payment security services for merchants." READ MORE

MasterCard Worldwide has announced the availability of three new seminars designed to help merchants protect payment card data and reduce the likelihood of reputational risk and the incidence of fraud. The new seminars are titled "Data Encryption: Understanding Encryption and PCI DSS," "Network Segmentation," and "Maximize Internal Preparations for PCI DSS." READ MORE