You likely accept credit and debit card payments every day. But with so much sensitive data, you need robust protection against hackers. Luckily, there is a standardized checklist of measures to defend against fraud. These security protocols are called the Payment Card Industry Data Security Standard (PCI DSS). Since that’s a mouthful, people simply say a business is “PCI compliant” to mean it follows these strict protective measures. The top credit card companies enforce these rules. Let’s dive into why your small business needs to stay PCI-compliant. What is PCI compliance? PCI compliance is a prescription of security guidelines intended to protect cardholder data during transactions. The standards were incarnated in 2004 by the Payment Card Industry Security Standards Council (PCI SSC). This body is composed of major credit card companies such as Visa, MasterCard, American Express, Discover, and JCB. Any business that handles credit card information should adhere to these regulations. That’s because PCI compliance also protects businesses. The protocols slash the risk of data breaches and credit card fraud. Consumers trust entities that take security seriously, too. This medley of benefits makes your organization more secure — and more successful. Why PCI compliance is crucial for small businesses There are real-world perks to following these strict security fundamentals. Here are the three main motives behind compliance: Protects Customer Data: PCI compliance ensures customer data is handled securely, lowering the risk of destructive data breaches so you and your customers sleep better at night. Avoids Financial Penalties: Non-compliance can result in steep fines from credit card companies or banks. These fines can enter into the six-figures, which can cripple a small business rapidly. Strengthens Customer Trust: It takes hard work and lots of time to earn a person’s trust. PCI compliance accelerates this process as it develops peace of mind among your customer base. Understanding essential PCI compliance requirements PCI DSS involves twelve primary requirements. Some mandates involve more technical knowledge to implement. But they’re all crucial to a secure payment environment. Let’s explore each of the fundamental requirements. Install and Maintain a Secure Network: This step includes using firewalls to protect data and block unauthorized access to your network. Use Robust Passwords and Security Settings: Avoid using default or weak passwords for systems and devices. Employ strong, unique passwords that are difficult to guess. Related: How to Create a Secure Password Protect Stored Cardholder Data: Encrypt sensitive data, such as credit card numbers, when storing them. Only store data necessary for business operations and ensure it is protected. Encrypt Transmission of Cardholder Data: Use encryption protocols like SSL or TLS to protect data when it is transmitted over public networks. Use and Maintain Anti-Virus Software: Anti-virus software helps prevent malware and other threats from compromising your systems. Keep this software updated to ensure it can defend against new threats. Develop and Maintain Secure Systems and Applications: Regularly update software, including security patches, to protect against known vulnerabilities. Restrict Access to Cardholder Data: Limit access to only employees who need it for their job duties. This step reduces the risk of data being accessed by unauthorized individuals. Identify and Authenticate Access to System Components: Implement user IDs and passwords to monitor who accesses cardholder data and system components. Restrict Physical Access to Cardholder Data: Ensure that any physical copies of cardholder data, such as receipts and photocopies, are stored securely and accessible only to authorized personnel. Track and Monitor Access to Network Resources: Use logging mechanisms to monitor access to network resources and cardholder data. Regularly review these logs for any suspicious activity. Regularly Test Security Systems and Processes: Conduct vulnerability scans and penetration testing to identify and resolve weaknesses in your security systems. Maintain an Information Security Policy: Develop a written security policy that clearly spells out your organization’s approach to PCI compliance and data protection. The four levels of PCI compliance PCI compliance is categorized into four levels based on the number of credit card transactions your business processes annually. Understanding these tiers can help you determine which requirements apply to your situation. Tier Criteria Requirements Level 1 Over 6 million card transactions per year from all sales channels. Must undergo an annual on-site assessment conducted by a Qualified Security Assessor (QSA). Level 2 1 to 6 million card transactions annually from all sales channels. Must complete an annual Self-Assessment Questionnaire (SAQ) and conduct a quarterly network scan by an Approved Scanning Vendor (ASV). Level 3 20,000 to 1 million e-commerce transactions annually. Must complete an annual SAQ and undergo quarterly network scans. Level 4 Fewer than 20,000 e-commerce transactions annually, OR1 million or fewer transactions from all sales channels. Must complete an annual SAQ and conduct quarterly scans. Most small businesses fall under Level 3 or Level 4. As a result, they can often manage compliance themselves with the right tools and guidance. Achieving PCI compliance for your small business Achieving PCI compliance can feel daunting. However, each step is manageable even among smaller organizations. Here’s a step-by-step guide to help you get started: Step 1: Determine your PCI compliance level Identify your level based on the volume of credit card transactions your business processes annually. This figure dictates the type of assessment and documentation you need to complete. Step 2: Complete a self-assessment questionnaire (SAQ) The SAQ is a series of questions that assess your organization’s security practices. Choose the form that matches your business model and payment methods. For example, SAQ A is suitable for merchants that outsource all cardholder data functions to a third party. Tip: SAQs and related resources can be found on the PCI Security Standards Council website. Step 3: Conduct a vulnerability scan Work with an approved scanning vendor (ASV) to perform a vulnerability audit of your systems. This procedure surfaces security weaknesses in your network. Step 4: Address any security gaps Analyze the SAQ and vulnerability scan results to address any identified weaknesses. This response could involve updating your firewall, improving password practices, or deploying more robust encryption.

日期：19 8 月, 2024 10:00:09 分類：李慧芬 Stella Lee  財經大師 評論：在〈[華贏控股SWIN.US。財經quick shot] 2024.08.18 金價創歷史新高，阻力在哪 ? 美元進入下跌浪，什麼位可以沽 ? 港股、上證、美股、白銀、油價 走勢〉中留言功能已關閉 觀看： 145 LinkedIn Email Facebook Twitter WhatsApp source

By Hailey Konnath ( October 23, 2024, 11:18 PM EDT) — A New York federal judge Wednesday agreed to hold a new damages trial in Cognizant affiliate TriZetto’s trade secret misappropriation and copyright infringement dispute with Syntel, a development that comes after the judge wiped out $200 million in damages awards in favor of TriZetto earlier this year…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Environmental, social, and governance (ESG) reporting is hitting the mainstream, as two big tech vendors this week have announced efforts to help enterprise organizations manage their efforts with regard to this major trend. ServiceNow has announced a new integrated ESG solution, powered by its Now digital workflow platform. The technology is designed to help companies work on strategies from enhancing diversity and inclusion to reducing carbon emissions to enabling business resilience, across the enterprise. ServiceNow has also announced the expansion of its alliance relationship with KPMG to deliver ESG-focused solutions and services. Separately, Google Cloud this week launched Carbon Footprint, a new product that gives customers a view of the gross carbon emissions associated with their Google Cloud Platform usage. The announcements come at a time when enterprises are working to improve their ESG initiatives and reporting. Investors, employees, and customers are looking at these efforts to help differentiate who they want to invest in, work for, and buy from in today’s market. Governments are also considering the creation of laws and regulations around ESG reporting and standards for public and private companies. For instance, the US House of Representatives passed an ESG reporting bill over the summer that would apply to public companies. Separately, the US Securities and Exchange Commission has indicated that ESG disclosure regulation will be a central focus of the new SEC Chair. Gartner reported that organizations are ranking regulatory risk related to ESG disclosures higher — it reached the second position on Gartner’s rankings in its Emerging Risks Monitor Report based on a survey of 153 senior executives in the second quarter of 2021. “The survey data partly reflects a global inflection point as ESG disclosures move from voluntary to required,” said Matt Shinkman, VP with the Gartner Risk and Audit Practice. It’s in this environment that Google and ServiceNow made their recent announcements, designed to help organizations with their reporting. “Sustainability is top of mind for every CEO and board,” Jen Bennett, Google’s lead for data and technology strategy for sustainability in the office of the CTO, told members of the media during a conference call. Carbon Footprint is available now to every Google Cloud Platform user for free in the Cloud Console, according to a blog post by Google’s Chris Talbott and Joel Conkling. The tool helps organizations measure, track, and report on the gross carbon emissions associated with the electricity of their cloud usage. “With growing requirements for Environmental Social and Governance reporting, companies are looking for was to show their employees, boards, and customers their progress against climate targets,” Talbott and Conkling wrote in the post. “Using Carbon Footprint, you have access to the gross energy related emissions data you need for internal carbon inventories and external carbon disclosures with one click.” Google said the tool was built in collaboration with customers including Atos, Etsy, L’Oreal, Salesforce, Thoughtworks, and Twitter. The calculation methodology is published to provide transparency to auditors and reporting teams. ServiceNow said its new ESG solution “serves as an operational control tower to help convert companies’ ESG goals into reality by providing visibility and transparency across their ESG programs and initiatives and helping them strategize, manage, govern, and report on these efforts on a single platform.” Components of the ServiceNow solution include ESG management and reporting, project and portfolio management, and integrated risk management tools. “In order for ESG initiatives to be effective, companies must have a complete view of their ESG efforts and performance to know how they are tracking towards their goals,” said Kim Knickle, research director at research and advisory firm Verdantix. “We expect ServiceNow’s new ESG solution will leverage the company’s existing platform to better enable this visibility.” What to Read Next: How CIOs Can Advance Company Sustainability Goals Should Sustainability Be an IT Priority? How to Build a Strong and Effective Data Retention Policy Corporate Diversity Efforts Get Real source

Stockholm-based Lovable has raised $7.5mn in pre-seed funding for its newly-launched AI coding assistant that promises to make everyone a dev. Dubbed GPT Engineer, the AI coding tool generates production-ready code in real-time, without requiring developer experience. According to the startup, users need only chat with the assistant to build websites and web apps. “We want to expand the world’s coding capabilities beyond the current 1% of the population who can program, and make software more accessible as a result,” Anton Osika, co-founder of Lovable, said in a statement. The GPT Engineer GPT Engineer is powered by customised Lange Language Models (LLMs) with vision capabilities, from providers like Anthropic and OpenAI. Lovable says that, thanks to its advanced reasoning, the AI assistant can autonomously create and debug applications, while maintaining their integrity. It can also recognise user intent, provide instant feedback, and understand when to ask for user input based on its limitations. The 💜 of EU tech The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now! The coding assistant can be synced with GitHub, where its open-source Command Line Interface (CLI) version currently counts over 52,000 GitHub stars. Preview of the GPT Engineer platform. Source: Lovable Osika founded Lovable together with Fabian Hedin in 2023. They’re both serial entrepreneurs with a strong background in software development and AI. With the fresh capital, Lovable plans to attract more European talent to its team and to boost its compute resources, data collection, and refinement. Hummingbird VC and byFounders led the funding round, with participation from major Nordic funds, private, and angel investors, including Mattias Miksche, Shopify’s Siavash Ghorbani, Voi’s Fredrik Hjelm, and Creandum co-founder Stefan Lindeberg. “Lovable is entering the market at a crucial time when the demand for software development far outpaces the available talent,” said Firat Ileri, partner at Hummingbird. “Web apps make up 80% of the software we interact with today, yet only a small minority of people can build them.” Lovable’s funding comes amid a wider boom for the AI-powered coding market. Last week, San-Francisco based Poolside raised a staggering $500mn — without even having launched a product yet. source

On Oct. 17, the Network and Information Security 2 Directive takes effect. This means that relevant entities in industries such as energy, transport, water, healthcare, and digital infrastructure that carry out activities within the E.U. must comply with the relevant legislation. NIS 2, which was approved by the European Parliament in November 2022, aims to establish a consistent, minimum cybersecurity baseline across all E.U. member states, involving mandatory security measures and reporting procedures. Organisations subject to the NIS 2 Directive must adopt “measures to manage the risks posed to the security of network and information systems” they use to provide their services, and must “prevent or minimise the impact of incidents on recipients of their services and on other services.” However, according to a survey by data protection software provider Veeam, 66% of businesses operating within the E.U. will miss the compliance deadline. Indeed, 90% have faced security incidents in the last year that compliance with the directive would have prevented. In light of this, TechRepublic has created the following guide breaking down what liable entities need to know about complying with NIS 2. What is the NIS 2 Directive? The NIS 2 Directive is a legislative act that applies to medium to large-sized entities that provide services or infrastructure deemed “critical for the economy and society” within the E.U. It is designed to achieve a high common level of cyber security across the bloc. NIS 2 builds on NIS 1, which was adopted in the E.U. in 2016. NIS 1 applies to “operators of essential services,” which have been identified by each member state, as well as all major “digital service providers,” such as online marketplaces, search engines, and cloud service providers. Member states also set their own non-compliance penalties. NIS 1 asks that eligible organisations: Secure their network and information systems with measures appropriate to their risk levels. Ensure service continuity by taking measures to prevent and minimise the impact of security incidents. Notify the regulator of any “significant” or “substantial” incident within 72 hours of becoming aware of it. Operators of essential services’ compliance with NIS 1 are monitored by audits conducted by authorities, while digital service providers are not audited but could be investigated following an incident that suggests non-compliance. How is NIS 2 different from NIS 1? Building on the original directive, NIS 2 expands its scope across critical sectors including energy, healthcare, transport, and digital infrastructure and introduces stricter cybersecurity requirements. It also covers organisations with at least 50 employees, meaning that many who were exempt from NIS 1 must now comply with NIS 2. Furthermore, the provisions of NIS 2 differ from NIS 1 in several ways: Supply chain risks must be covered in risk assessments, as attacks that exploit them are rising. Root-cause analysis is now necessary after incidents, rather than just reactive measures. Business continuity and disaster recovery plans that minimise disruptions are a primary focus. Security audits, including pen-testing and vulnerability assessments, must be conducted regularly to ensure systems meet the updated security standards. Regulators have stronger enforcement powers, such as random audits and on-site inspections. So-called “management bodies” in “essential” and “important” entities must approve and oversee the cybersecurity risk-management measures their companies have implemented, and they can now be held personally liable for infringements. According to Article 20, they must also receive regular cybersecurity training. NIS 2 also has updated incident reporting rules. The computer security incident response team or other industry-specific regulators must be notified of any incident that has, or could have, a “significant impact” on a business’s services — such as causing severe operational disruption, financial loss, or considerable damage to other natural or legal persons. This encompasses more incident types than NIS 1 did. Incidents must first be reported through an initial alert to regulators within 24 hours, followed by a detailed report within 72 hours, and then both intermediate and final reports within a month. Service recipients will also need to be notified of any impact to their services, and the entity should assist with mitigating it. What are the minimum requirements for risk management measures in NIS 2? The precise NIS 2 regulations that a company must comply with depend on factors such as their size, risk exposure, severity of potential incidents, and the cost of implementing security technologies. However, the following 10 risk-management measures are recommended in the legislation as a minimum: Policies on risk analysis and information system security. Incident response plans. Business continuity, such as backup management and disaster recovery. Supply chain security. Security in network and information systems acquisition, development, and maintenance, including vulnerability handling. Policies and procedures to assess the effectiveness of cybersecurity risk-management measures. Basic cyber hygiene practices and security training. Policies regarding the use of cryptography and encryption. Human resources security, access control policies, and asset management. Multi-factor authentication or continuous authentication solutions. Who must comply with NIS 2? NIS 2 applies to organisations classified as either “essential” or “important” entities that operate within the E.U. — they do not have to be headquartered in the block. Essential entities face stricter requirements than important entities. Essential entities are large organisations that fall into one of the following industries: Energy. Transport. Banking. Financial market infrastructure. Healthcare. Drinking and waste water. Digital infrastructure. Managers of IT services. Aerospace. Government services. Digital infrastructure encompasses some of the digital service providers that had lighter-touch regulations with NIS 1, like cloud service providers but also data centre service providers. Important entities are medium organisations in the industries listed above, and medium or large organisations in one of the following industries: Digital providers. Postal and courier services. Waste management. Food. Chemicals. Research. Manufacturing. Digital providers encompass online search engines, online marketplaces, and social networks, which may have been designated “digital service providers” under NIS 1 or “gatekeepers” under the Digital Markets Act. Large organisations will have either a minimum of 250 employees or an annual turnover of at least €50 million and a balance sheet total of at least €43

港股美國買賣的預託證券造價較本港收市高 滙控 收市折合45.71元——比本港收市跌4仙工商銀行 5元左右———-升0.6仙友邦保險 94.72元———-升9毫7仙騰訊控股 76元————-升2個半長和 59.88元————–升9毫8仙港交所 454.52元———–升2元7毫2仙中國石油股份 3.66元——-升4仙中國石油化工 4.06元——-升1毫1仙中國人壽 15.37元———-跌1仙建設銀行 6.12元———–跌2仙 利福國際認購富力地產6000萬美元票據 金額是6000萬美元，相當於超過四億港元，一年後到期，年利率9.5厘。 中國華融或可能被聯交所除牌 華融上周四收到聯交所發出的復牌指引，要求公司刊發所有未刊發的財務業績，亦要證明公司有足夠業務運作，或擁有相當價值資產。如華融明年9月30日前未能履行復牌指引，聯交所會建議將股份除牌。 評級機構惠譽調低中國恒大信貸評級由B+降至B。 評級機構惠譽調低中國恒大信貸評級由B+降至B，展望負面。評級機構惠譽認同恒大可以實現減債計劃，但面臨極大執行風險，中期亦影響業績表現。 “彭博”消息指，市場憂恒大債務問題，最少三家債權銀行決定今年不再為恒大到期的貸款續期。 恒大回應，有關報道不屬實。 美股連升第二天，納斯達克指數創新高 美股早段投資氣氛審慎，指數先跌後回升。鮑威爾預計未來就業數據強勁，但不會因就業明顯改善或憂慮通脹提前加息，寬鬆貨幣政策取態支持大市進一步向上，標普500指數創近一星期高位。 道指，收報33,945點—–升68點 標普500，報4,246點————-升21點 道指輕微低開後，早段曾跌超過120點，在鮑威爾發言後，曾升至超過160點，重上34,000點水平，但尾市升幅收窄。 遊戲零售商Gamestop成功配股集資超過 10億 美元，股價抽高近10 %。 資金流入科技股，特別近期受支持軟件股，微軟再升 1 % ，創新高，市值曾一度突破20,000億美元。 騰訊持股的內地貨車物流平台滿幫首日掛牌，股價升超過 13 %，市值一度逼近240億美元，成今年最大型美國上市中資股之一。 美匯連跌兩天 一度跌至91.6水平 美聯儲主席鮑威爾表明，不會因擔心通脹而預先加息，寬鬆政策取態拖累美元向下，美匯指數一度跌至91.6水平。 ……………………………………………………..????????讚好Facebook 專頁：https://www.facebook.com/VeriMedia.io……………………………………………………..更多資訊:https://veri-media.io……………………………………………………. LinkedIn Email Facebook Twitter WhatsApp source

The approximately 60,000 employees of BSH Home Appliances Group (BSH) would agree with a phrase invented more than 400 years ago by an Englishman, Sir Francis Bacon. For those employees striving to meet their company’s goal of improving customers’ quality of life at home, Bacon said it best, “Knowledge is power.”   Based in Munich, Germany, BSH, a part of Bosch Group, has become one of the world’s top home appliance manufacturers – from large appliances such as ovens, dishwashers, washers, dryers, and refrigerators to small appliances such as vacuum cleaners and espresso machines. You may even be familiar with some of their brands, like Bosch, Siemens, Gaggenau, NEFF, and Thermador. BSH has 38 factories worldwide and a network of sales, production, and service companies. Lacking a unified experience In the past, BSH faced challenges in effectively utilizing consumer knowledge, which included understanding their preferences, purchasing history, service requirements, and product usage. This valuable information plays a crucial role in driving sales, marketing, service, and product development efforts, ultimately leading to satisfied customers and employees. BSH recognized the need for a unified engagement platform to streamline consumer data management across all touchpoints in its direct-to-consumer (D2C) operations. Previously, the company relied on a collection of insufficiently connected legacy systems, making it difficult to identify consumers and cater to their specific needs. Inefficiencies resulting from a knowledge void Going deeper into the issues, the knowledge disconnect challenged the company to provide timely, complete responses to marketing and sales opportunities. BSH struggled to offer the level of self-service capabilities today’s consumers expect in terms of one ID, one portal, affecting consumer satisfaction. The lack of easily accessible data and BSH’s complex system landscape also affected the company’s ability to quickly and effectively implement improved customer relationship management solutions. This deficiency impacted the targeted marketing campaigns that would help boost the consumer experience (CX) and engagement.  The insufficiently connected systems even prevented BSH from taking full advantage of what the Internet of Things and the company’s “smart” appliances have to offer. In short,  BSH could not leverage the potential of connected “smart” home appliances to gather application information for building loyalty and new business models. The launch of an omni-channel CX revolution To get connected, BSH reached out to SAP to create its OneConsumer (OCO) platform, a unified engagement platform that revolutionizes how the company handles consumer data.  With the OCO project, BSH connected all relevant systems and processes through SAP Business Technology Platform (BTP) to achieve holistic data integration and established a common consent and preference management solution based on SAP Customer Data Cloud. It connects and leverages consumer interactions from sales, service, and marketing through additional SAP Customer Experience solutions and smart home application integration, collecting and storing data for easy, centralized single-sign-on access.  The company is now able to achieve real-time data exchange across all touchpoints and BSH brands quickly and completely.  Creating a seamless experience with the goal of a holistic 360° approach Through seamless integration and unique consumer identification, BSH breaks down silos to move toward holistic 360° consumer data capabilities combining customer profiles and smart home data of registered products.  The new solution is designed to optimize the customer journey at all ends with a single ID. Customers gain a personalized view of their data, accessible through their web accounts or the Home Connect app. Self-service and customer engagement have been strongly enhanced.  With OCO at work, the company has been able to create personalized emails to address shopping cart abandonment, leading to a 3x higher conversion rate – less consumer churn and higher D2C revenue.  In addition, the dedicated BSH teams across touchpoints, from contact centers to showrooms and stores, can confidently engage with consumers, equipped with accurate information.  Another milestone achieved OCO and its SAP tools have also helped accelerate the time to market for better service, saving up to 40% in development time for CRM-related implementations and significantly increasing the efficiency of marketing campaign deployments.  “With our new OneConsumer Engagement Platform we are creating a transparent win-win for both our consumers and our employees, leveraging unified data across brands, touchpoints, and processes to improve quality of life at home in every interaction. After pilots in a few of our markets so far and incorporating several further improvement ideas, we are now preparing the rollout to boost Customer Experience with our brands, products, service and Home Connect ecosystem around the globe,“ says Rainer Jersch, Global Head of B2C Analytics & Marketing at BSH Home Appliances Group. OCO is more than just a project; it’s a strategic game changer. It lays the foundation for essential key capabilities such as state-of-the-art loyalty management, AI-powered personalized recommendations, and a seamless omnichannel purchase, smart home, and service experience. Recognized for these achievements At SAP Innovation Awards 2024, BSH and its employees were honored for elevating the consumer experience with OCO, receiving the “Experience Wizard” award. You can read more about how that powerful experience was created by checking out the BSH pitch deck. source

By Jeff Montgomery ( October 23, 2024, 7:33 PM EDT) — An attorney for Oracle Corp. stockholders rattled off a barrage of alleged disclosure failures, analytical flaws and errant deference decisions Wednesday during a Delaware Supreme Court appeal from the Chancery Court’s toss last year of a challenge to the company’s $9.3 billion acquisition of NetSuite Corp. in 2016…. Law360 is on it, so you are, too. A Law360 subscription puts you at the center of fast-moving legal issues, trends and developments so you can act with speed and confidence. Over 200 articles are published daily across more than 60 topics, industries, practice areas and jurisdictions. A Law360 subscription includes features such as Daily newsletters Expert analysis Mobile app Advanced search Judge information Real-time alerts 450K+ searchable archived articles And more! Experience Law360 today with a free 7-day trial. source

Network Computing is part of the Informa Tech Division of Informa PLC This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales and Scotland. Number 8860726. source