1 min read
In The Payments World, Even Canadians Have ZIP Codes!
Many Canadians traveling to the US have experienced the frustration of running into a form of address verification. This is a common extra check...
pci (6)
7 min read
NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe
Now is the time to stop using 64-bit block length ciphers such as 3DES (TDEA) and Blowfish in general purpose applications of cryptography. In 2016,...
10 min read
Understanding P2PE, NESA, E2EE, and PCI Compliance
Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and money....
4 min read
PCI Compliance and the Intel AMT Vulnerability
On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT) firmware...
2 min read
7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise
Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved modes has...
3 min read
3 Ways 8-Digit BIN Ranges May Impact PCI Compliance
New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to maintain...
1 min read
What The CIA WikiLeaks Dump Has In Common With PCI Compliance
In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the general...
2 min read
SHA-1 Is Dead!
History The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated SHA-1....
What Is The Difference Between Masking And Truncation In PCI Compliance?
Masking and truncation of cardholder data may seem the same on the surface (eg. 423456XXXXXX7890); however, each implies different functionality.