Pci Express Faq

Like this story? Share it

A 403 Labs QSA, PCI Columnist Walt Conway has worked in payments and technology for more than 30 years, 10 of them with Visa.

This past week, Citigroup announced its credit-card systems were hacked, compromising the card information on approximately 360,000 individuals. If this were a retailer, we would expect to see the card brands order a formal review by a PCI Forensic Investigator (PFI), a re-assessment of the retailer’s PCI compliance at the time of the breach and possibly significant fines and other penalties. Will Citi treat itself as harshly as it does its retailer customers that are breached? I wonder (and I imagine just about every merchant or processor that paid for PCI compliance or suffered a breach is wondering, too) if Citigroup will face similar consequences?

Just about a year ago, I raised the question of whether payment-card issuers should have an outside assessment of their PCI compliance . Everyone understands that issuers need to be PCI compliant. The PCI Council’s Frequently Asked Questions (FAQ) #5391 confirms this position with the statement: “PCI-DSS applies to any entity that stores, processes or transmits cardholder data and any such entity is expected to comply with PCI-DSS, including issuers.”

The big difference between merchants and issuers, however, is how they validate their compliance. Or I should say, whether they even need to validate their compliance. That same FAQ continues: “At their discretion, payment-card brands may require issuers [emphasis added] to validate PCI-DSS compliance.” In this case, the payment-card brands are American Express, Discover, JCB, MasterCard and Visa.

Let’s be clear on one thing: This data breach is a big deal. Based on public reports (I have no first-hand or inside information), hackers broke into Citi Account Online sometime in May and made off with the names, PANs, E-mail addresses and other personal information on roughly one percent of its 21 million North American customers. Maybe one percent doesn’t sound like a big number, but it translates into about 360,000 compromised accounts, which is a big number. Note, too, that the “other personal information” compromised could lead to identity theft and much more serious consequences for individuals than the inconvenience of having their credit or debit card replaced.

WinTV-HVR-2200 MC PCI-Express. Trying to record from S-Video ...

On a good note, I followed your suggestion of getting a 3rd party application. So I download Media Portal . This application is a media center, and had a button to input S-video inputs as an option under the Analogue Tuner settings. Tested to input from my camcorder and it worked! What a relief! Media Portal seems to be a very flexible replacement for WMC. I just need to setup and test to digital tuners etc to see if those parts work too.

PCI express system architecture

PCI Express Design & System Architecture

Introduction to PCI Express, a hardware and software developer's guide

Upgrading and repairing PCs

Maximum PC