5 min read
Why Organizations Need to Become Crypto-Agile and What that Means
Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and...
pci (3)
3 min read
Why did my PCI DSS Scope Explode?
It can be extremely frustrating for a compliance team to realize that additional systems are in-scope. It means additional and unexpected security...
4 min read
Don’t Tie Yourself in Knots Thinking you can Store Payment Card Verification Codes/Values
Card Not Present Security Codes/Values are the 3 and 4 digit printed numbers on your payment cards used to verify card-not-present transactions. PCI...
8 min read
The DSS, MageCart, and the DOM – Part 3 e-Commerce Skimming
Cyberattacks and data breaches have risen dramatically in recent years and no industry or organization is immune to these attacks. Merchants,...
6 min read
The DSS, MageCart, and the DOM – Part 2 Browsers, the DOM, and 3rd Party JavaScript
In part two of our series, we take a deeper dive into how JavaScript works and its implications to web and e-commerce security and compliance. This...
8 min read
The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules
It turns out that how you implement e-commerce can have a huge impact on your compliance footprint (i.e., the number of PCI security controls...
5 min read
Why do some Issuers believe they don’t need to be PCI DSS compliant?
Documents from the PCI Council, MasterCard, and Visa clearly indicate that Issuers are required to be PCI DSS compliant (see Learn More below). Yet...
6 min read
6 Ways to Deal with the Magnitude of PCI DSS
Are you new to PCI DSS? Perhaps you need to refresh your approach? If so, this article breaks down 6 strategies that will help you eat the proverbial...
10 min read
How a $1200 Graphics Card Threatens Your PCI DSS Compliance and Security
Organizations subject to PCI DSS compliance validation spend significant amounts of time, effort, and money to maintain and validate their...