blog

60 posts tagged with “blog”

Did you MEME to share your personal info?

01-Apr-2020

What’s your Covid-19 Plan? Our plan is to curl up in the fetal position in a supermarket with a tin-foil hat. But seriously… Everyone…

Read More >

The ENTITY (a scary PCI monster)

31-Oct-2019

If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about…

Read More >

Control Gap gets Cyber!

26-Sep-2019

We are pleased to announce that we are now offering new CYBERSECURITY services! We want the name Control Gap to be synonymous in your mind…

Read More >

Control Gap at Vancouver PCI Community Meeting

03-Sep-2019

Control Gap is excited to announce that we will be exhibiting at this year’s @PCISecurityStandardsCouncil Community Meeting on September 1…

Read More >

A Misadventure on THE AIRLINE THAT SHALL NOT BE NAMED

27-Aug-2019

Whether you embrace or eschew the label of Road Warrior, if you've traveled extensively for business then you have experienced the trials…

Read More >

What's the minimum I need to do for PCI?

18-Jul-2019

As we complete the 3rd hour of the meeting discussing PCI scope, the customer turns to me and asks, “So what’s the minimum that I need to do…

Read More >

Why POI Tamper Inspections are so Important

19-Jun-2019

It is amazing to see how many organizations take things for granted in their environment. In the video below, you can see a skimmer device…

Read More >

NIST is Sunsetting Triple DES - so what will the Financial Industry do?

09-Apr-2019

NIST recently published a document "Transitioning the Use of Cryptographic Algorithms and Key Lengths" which formalizes the sunset of Triple…

Read More >

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases

21-Mar-2019

Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev…

Read More >

PCI SPoC (PIN on COTS) - Grand Experiment in Mobile Payments

28-Jan-2019

Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC…

Read More >

How can I tell if the site I shop from is secure?

05-Dec-2018

Payment card breaches concern customers and businesses alike. A recent epidemic of e-commerce breaches is focusing attention on what makes a…

Read More >

PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant

07-Nov-2018

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…

Read More >

Control Gap is Proud to Support Casey MacKay in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids!

19-Oct-2018

We are excited to announce that we are supporting Casey Mackay, a student at Humber College finishing his program in Broadcasting…

Read More >

Social Network Spiraling - Everything Going On with Facebook Up Until Now

04-Oct-2018

In case you missed it, Facebook has had some issues recently and its only getting uglier. Catch up on the news below: September's Breach The…

Read More >

If You Take Credit Cards By Phone or Mail - You Need to Read About Visa's October Mandate

12-Sep-2018

PCI Rules Aren't the Only Ones You Need to Comply With Most organizations concerned with payment compliance are focused on the PCI Data…

Read More >

The 3 Approaches to Penetration Testing for PCI DSS

11-Apr-2018

Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS…

Read More >

Equifax Move Over, Here Comes The Cambridge Analytica and Facebook Scandal!

20-Mar-2018

We've been following security and breaches for a long time and they have been getting unquestionably worse. While mega-credit card breaches…

Read More >

PCI DSS May Require Pulling Up Your SOX (or ISO)

22-Feb-2018

Executives and managers in organizations preparing for their first onsite PCI security assessment may feel confident that having passed a…

Read More >

17 Predictions About the Next Version of PCI DSS

10-Jan-2018

PCI DSS v3.2 is due for an update this year - but what will that look like? In this article, we peer into our crystal ball to make some…

Read More >

Understanding "Connected-to" - Is The Internet In Scope For PCI DSS?

07-Dec-2017

PCI DSS is all about scope. Getting scope right or wrong is perhaps the single most critical factor determining the ultimate success or…

Read More >

Control Gap Inc. Supports Easter Seals Ontario

23-Nov-2017

This year, and for many years prior, Control Gap Inc. continues to be a proud supporter of Easter Seals Ontario through the Toronto Maple…

Read More >

In The Payments World, Even Canadians Have ZIP Codes!

19-Sep-2017

Many Canadians traveling to the US have experienced the frustration of running into a form of address verification. This is a common extra…

Read More >

Hurricane Harvey: How To Avoid Scams When Donating To Natural Disaster Charity Groups

31-Aug-2017

It's hard to imagine a natural disaster until it starts happening in your own backyard. Unfortunately, the people of Texas have experienced…

Read More >

NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe

19-Jul-2017

Now is the time to stop using 64-bit block length ciphers such as 3DES (TDEA) and Blowfish in general purpose applications of cryptography…

Read More >

Understanding P2PE, NESA, E2EE, and PCI Compliance

27-Jun-2017

Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and…

Read More >

PCI Compliance and the Intel AMT Vulnerability

15-May-2017

On May 1st a critical new and possibly unprecedented vulnerability was announced.  The flaw in Intel's Active Management Technology (AMT…

Read More >

8-digit BIN Issues and Risks Remain after PCI Truncation Rules Clarified

10-May-2017

Last month we wrote this article about issues arising from the addition of new BIN ranges and the lack of clear guidance specifically with…

Read More >

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise

26-Apr-2017

Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved…

Read More >

3 Ways 8-Digit BIN Ranges May Impact PCI Compliance

11-Apr-2017

New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to…

Read More >

What The CIA WikiLeaks Dump Has In Common With PCI Compliance

14-Mar-2017

In recent news, WikiLeaks exposed a huge trove of CIA documents.  Journalists and bloggers will of course have a field day with this and the…

Read More >

SHA-1 Is Dead!

23-Feb-2017

History The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated…

Read More >

2017 Toronto Ride To Conquer Cancer

02-Feb-2017

This year, Control Gap Inc. has donated $2,500 to The Enbridge Ride to Conquer Cancer which has been supporting the Princess Margaret Cancer…

Read More >

What Is The Difference Between Masking And Truncation In PCI Compliance?

17-Jan-2017

Masking and truncation of cardholder data may seem the same on the surface (eg. 423456XXXXXX7890); however, each implies different…

Read More >

What Is Cardholder Data In PCI Compliance?

16-Jan-2017

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands.  CHD includes…

Read More >

What Is Sensitive Authentication Data in PCI Compliance?

11-Jan-2017

Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions. Similar to…

Read More >

Supporting the Uganda Plastic Surgery Project

10-Jan-2017

In September 2016, Control Gap Inc. donated $5,000 to the University of British Columbia's Uganda Plastic Surgery Project. About the Mission…

Read More >

Call Centers and PCI Compliance: Things You Need to Know

15-Dec-2016

Call centers can be challenging places. They range from small and simple to large and complex. For many businesses they are a place where…

Read More >

In Support of The Canadian Cancer Society

04-Dec-2016

In October 2016, Control Gap donated $5,000 to FCT in support of The Canadian Cancer Society's Relay for Life. In November, Gary Gallacher…

Read More >

4 FAQs The PCI Security Standards Council Renamed in 2016

02-Dec-2016

Anyone who relies on the PCI FAQ site for guidance may have noticed some changes in the last few months. In fact if you bookmarked some of…

Read More >

PCI Announces NESA - A Stepping Stone To P2PE

29-Nov-2016

Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This…

Read More >

PCI Compliance Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money

22-Nov-2016

While you may have heard of carbon footprints and ecological footprints, you might not be aware that there is such thing as a PCI Compliance…

Read More >

3 Risks of Ignoring PCI Compliance

15-Nov-2016

With more than 510 million records containing sensitive information breached since January 2005, statistics indicate that cardholder data…

Read More >

12 Tips To Avoid Credit Card Data Breaches

01-Nov-2016

PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data Traditionally, ill-intentioned criminals have targeted banking…

Read More >

PCI Compliance & Why You Need to be Compliant

27-Sep-2016

Getting paid is just as important as PCI compliance. Businesses of all sizes rely on cash flow to effectively manage business operations. To…

Read More >

What's changed in PA-DSS 3.2? Impacts to Vendors, Implementers, and Operators.

26-Aug-2016

Recently, Control Gap posted an article performing a detailed analysis of the recent changes in the DSS due to 3.2. We do this because the…

Read More >

How Microsoft Support Expiry can Affect Your PCI Compliance

26-Jul-2016

Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft…

Read More >

PCI DSS: Guide to Effective Daily Log Monitoring

14-Jul-2016

Despite the widespread adoption of logging as part of operational security practices, organizations have continued to be challenged in…

Read More >

PCI Under The Microscope

28-Jun-2016

The PCI Council has testified before Congress about standards and breaches in both 2014 and 2009 (links are to Google Searches). This year…

Read More >

Is Your Payment Application Ready to Leap to PA-DSS Version 3.2?

08-Jun-2016

With the release of PA-DSS 3.2, on June 8th, the PCI Council has provided sunset dates for PA-DSS 3.1 applications and application listing…

Read More >

PCI DSS v3.2 - What You Need to Know to Stay PCI Compliant

08-Jun-2016

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…

Read More >

The Panama Papers - a new kind of breach?

06-Apr-2016

In the world of data breaches, it’s not often that we see something totally new. This last week we may just have had such a thing.  Most…

Read More >

PCI DSS V3.2 Is Almost Here!

06-Apr-2016

The PCI Security Standards Councils confirmed last week that the updated version of PCI DSS (v3.2) will be released at the end of April 201…

Read More >

Why the Apple vs. FBI Dispute Is A Good Thing

01-Mar-2016

The Internet and mainstream media has been ablaze with articles and opinion pieces about the dispute between the FBI and Apple over an…

Read More >

Just like spring - a new version of PCI DSS will come early this year!

26-Feb-2016

Last week the PCI Standards Council commented on the upcoming DSS 3.2 update and what it means for the rest of 2016. Ever since the sunset…

Read More >

Sunset of SSL Extended

22-Dec-2015

If you’ve been struggling with keeping up with various SSL vulnerabilities and planning an orderly cutover to TLS then the recent…

Read More >

Must Format Preserving Encryption (FPE) be distinguishable from cardholder data for PCI?

17-Apr-2015

Previously we looked at Format Preserving Encryption (FPE) its characteristics and suitability for application in solutions intended for PCI…

Read More >

PCI DSS Version 3.1 Has Arrived

15-Apr-2015

The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration…

Read More >

PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates

10-Mar-2015

The PCI council has released an announcement that they are preparing an updated version of the PCI DSS (v3.1) and PA-DSS (v3.1), where they…

Read More >

What is Format Preserving Encryption and is it suitable for PCI DSS?

23-Feb-2015

Format Preserving Encryption or FPE is recent technology that is beginning to show up in payment solutions with the promise of simplifying…

Read More >

Analysis of PCI DSS 3.0

01-Oct-2014

PCI DSS 3.0 was released Nov 2013. There are new and changed requirements with a more organized look. Check out our in-depth analysis and…

Read More >