What Is Sensitive Authentication Data in PCI Compliance?
Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions. Similar to cardholder data,...
pci (4)
1 min read
CDRThief New VoIP Linux Malware – Can Credit Card Skimmers be Far Behind?
Many organizations have either undergone or are planning migrations or acceleration of call centers, remote working, and online presence exploiting...
5 min read
The ENTITY (a scary PCI monster)
If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about something...
Control Gap at Vancouver PCI Community Meeting
Control Gap is excited to announce that we will be exhibiting at this year’s @PCISecurityStandardsCouncil Community Meeting on September 17-19. Don’t...
2 min read
What's the minimum I need to do for PCI?
As we complete the 3rd hour of the meeting discussing PCI scope, the customer turns to me and asks, “So what’s the minimum that I need to do to pass...
6 min read
This Week’s [in]Security – Issue 115
Welcome to This Week’s [in]Security. This week: a quiet week for PCI, RDP MFA bypass, make SSNs public, AMCA (Quest, LabCorp, OPKO) breach, Data...
2 min read
NIST is Sunsetting Triple DES - so what will the Financial Industry do?
NIST recently published a document "Transitioning the Use of Cryptographic Algorithms and Key Lengths" which formalizes the sunset of Triple DES by...
4 min read
NIST Update to Format Preserving Encryption Standard affects PCI Use Cases
Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation...
7 min read
PCI SPoC (PIN on COTS) - Grand Experiment in Mobile Payments
Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC) - a subset...