4 min read

PINs, Passwords, and PCI

PINs, Passwords, and PCI What is the difference between Passwords and Passphrases, PINs, and other authentication factors under PCI DSS? Our team was...

What Is Sensitive Authentication Data in PCI Compliance?

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions. Similar to cardholder data,...

1 min read

CDRThief New VoIP Linux Malware – Can Credit Card Skimmers be Far Behind?

Many organizations have either undergone or are planning migrations or acceleration of call centers, remote working, and online presence exploiting...

5 min read

The ENTITY (a scary PCI monster)

If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about something...

2 min read

NIST is Sunsetting Triple DES - so what will the Financial Industry do?

NIST recently published a document "Transitioning the Use of Cryptographic Algorithms and Key Lengths" which formalizes the sunset of Triple DES by...

4 min read

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases

Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation...

7 min read

PCI SPoC (PIN on COTS) - Grand Experiment in Mobile Payments

Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC) - a subset...

3 min read

PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and keeping up with...

4 min read

Social Network Spiraling - Everything Going On with Facebook Up Until Now

In case you missed it, Facebook has had some issues recently and its only getting uglier. Catch up on the news below: