61 posts tagged with “blog”

CDRThief New VoIP Linux Malware – Can Credit Card Skimmers be Far Behind?


Many organizations have either undergone or are planning migrations or acceleration of call centers, remote working, and online presence…

Did you MEME to share your personal info?


What’s your Covid-19 Plan? Our plan is to curl up in the fetal position in a supermarket with a tin-foil hat. But seriously… Everyone…

The ENTITY (a scary PCI monster)


If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about…

Control Gap gets Cyber!


We are pleased to announce that we are now offering new CYBERSECURITY services! We want the name Control Gap to be synonymous in your mind…

Control Gap at Vancouver PCI Community Meeting


Control Gap is excited to announce that we will be exhibiting at this year’s @PCISecurityStandardsCouncil Community Meeting on September 1…



Whether you embrace or eschew the label of Road Warrior, if you've traveled extensively for business then you have experienced the trials…

What's the minimum I need to do for PCI?


As we complete the 3rd hour of the meeting discussing PCI scope, the customer turns to me and asks, “So what’s the minimum that I need to do…

Why POI Tamper Inspections are so Important


It is amazing to see how many organizations take things for granted in their environment. In the video below, you can see a skimmer device…

NIST is Sunsetting Triple DES - so what will the Financial Industry do?


NIST recently published a document "Transitioning the Use of Cryptographic Algorithms and Key Lengths" which formalizes the sunset of Triple…

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases


Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev…

PCI SPoC (PIN on COTS) - Grand Experiment in Mobile Payments


Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC…

How can I tell if the site I shop from is secure?


Payment card breaches concern customers and businesses alike. A recent epidemic of e-commerce breaches is focusing attention on what makes a…

PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant


To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…

Control Gap is Proud to Support Casey MacKay in the 2018 Toronto Maple Leafs Skate for Easter Seals Kids!


We are excited to announce that we are supporting Casey Mackay, a student at Humber College finishing his program in Broadcasting…

Social Network Spiraling - Everything Going On with Facebook Up Until Now


In case you missed it, Facebook has had some issues recently and it's only getting uglier. Catch up on the news below: September's Breach The…

If You Take Credit Cards By Phone or Mail - You Need to Read About Visa's October Mandate


PCI Rules Aren't the Only Ones You Need to Comply With. Most organizations concerned with payment compliance are focused on the PCI Data…

The 3 Approaches to Penetration Testing for PCI DSS


Understanding PCI DSS requirements in depth can often be confusing and frustrating. The requirements covering penetration testing, PCI DSS…

Equifax Move Over, Here Comes The Cambridge Analytica and Facebook Scandal!


We've been following security and breaches for a long time and they have been getting unquestionably worse. While mega-credit card breaches…

PCI DSS May Require Pulling Up Your SOX (or ISO)


Executives and managers in organizations preparing for their first onsite PCI security assessment may feel confident that having passed a…

17 Predictions About the Next Version of PCI DSS


PCI DSS v3.2 is due for an update this year - but what will that look like? In this article, we peer into our crystal ball to make some…

Understanding "Connected-to" - Is The Internet In Scope For PCI DSS?


PCI DSS is all about scope. Getting scope right or wrong is perhaps the single most critical factor determining the ultimate success or…

Control Gap Inc. Supports Easter Seals Ontario


This year, and for many years prior, Control Gap Inc. continues to be a proud supporter of Easter Seals Ontario through the Toronto Maple…

In The Payments World, Even Canadians Have ZIP Codes!


Many Canadians traveling to the US have experienced the frustration of running into a form of address verification. This is a common extra…

Hurricane Harvey: How To Avoid Scams When Donating To Natural Disaster Charity Groups


It's hard to imagine a natural disaster until it starts happening in your own backyard. Unfortunately, the people of Texas have experienced…

NIST Moves on Sweet32 - 3DES, Blowfish, and Others - Mostly Unsafe


Now is the time to stop using 64-bit block length ciphers such as 3DES (TDEA) and Blowfish in general purpose applications of cryptography…

Understanding P2PE, NESA, E2EE, and PCI Compliance


Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and…

PCI Compliance and the Intel AMT Vulnerability


On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT…

8-digit BIN Issues and Risks Remain after PCI Truncation Rules Clarified


Last month we wrote this article about issues arising from the addition of new BIN ranges and the lack of clear guidance specifically with…

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise


Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved…

3 Ways 8-Digit BIN Ranges May Impact PCI Compliance


New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to…

What The CIA WikiLeaks Dump Has In Common With PCI Compliance


In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the…

SHA-1 Is Dead!


History: The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated…

2017 Toronto Ride To Conquer Cancer


This year, Control Gap Inc. has donated $2,500 to The Enbridge Ride to Conquer Cancer which has been supporting the Princess Margaret Cancer…

What Is The Difference Between Masking And Truncation In PCI Compliance?


Masking and truncation of cardholder data may seem the same on the surface (e.g., 423456XXXXXX7890); however, each implies different…

What Is Cardholder Data In PCI Compliance?


Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes…

What Is Sensitive Authentication Data in PCI Compliance?


Sensitive authentication data, aka SAD, in PCI compliance is data used by the issuers of cards to authorize transactions. Similar to…

Supporting the Uganda Plastic Surgery Project


In September 2016, Control Gap Inc. donated $5,000 to the University of British Columbia's Uganda Plastic Surgery Project. About the Mission…

Call Centers and PCI Compliance: Things You Need to Know


Call centers can be challenging places. They range from small and simple to large and complex. For many businesses they are a place where…

In Support of The Canadian Cancer Society


In October 2016, Control Gap donated $5,000 to FCT in support of The Canadian Cancer Society's Relay for Life. In November, Gary Gallacher…

4 FAQs The PCI Security Standards Council Renamed in 2016


Anyone who relies on the PCI FAQ site for guidance may have noticed some changes in the last few months. In fact if you bookmarked some of…

PCI Announces NESA - A Stepping Stone To P2PE


Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This…

PCI Compliance Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money


While you may have heard of carbon footprints and ecological footprints, you might not be aware that there is such a thing as a PCI Compliance…

3 Risks of Ignoring PCI Compliance


With more than 510 million records containing sensitive information breached since January 2005, statistics indicate that cardholder data…

12 Tips To Avoid Credit Card Data Breaches


PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data. Traditionally, ill-intentioned criminals have targeted banking…

PCI Compliance & Why You Need to be Compliant


Getting paid is just as important as PCI compliance. Businesses of all sizes rely on cash flow to effectively manage business operations. To…

What's changed in PA-DSS 3.2? Impacts to Vendors, Implementers, and Operators.


Recently, Control Gap posted an article performing a detailed analysis of the recent changes in the DSS due to 3.2. We do this because the…

How Microsoft Support Expiry can Affect Your PCI Compliance


Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft…

PCI DSS: Guide to Effective Daily Log Monitoring


Despite the widespread adoption of logging as part of operational security practices, organizations have continued to be challenged in…

PCI Under The Microscope


The PCI Council has testified before Congress about standards and breaches in both 2014 and 2009 (links are to Google Searches). This year…

Is Your Payment Application Ready to Leap to PA-DSS Version 3.2?


With the release of PA-DSS 3.2, on June 8th, the PCI Council has provided sunset dates for PA-DSS 3.1 applications and application listing…

PCI DSS v3.2 - What You Need to Know to Stay PCI Compliant


To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…

The Panama Papers - a new kind of breach?


In the world of data breaches, it’s not often that we see something totally new. This last week we may just have had such a thing. Most…

PCI DSS V3.2 Is Almost Here!


The PCI Security Standards Council confirmed last week that the updated version of PCI DSS (v3.2) will be released at the end of April 201…

Why the Apple vs. FBI Dispute Is A Good Thing


The Internet and mainstream media has been ablaze with articles and opinion pieces about the dispute between the FBI and Apple over an…

Just like spring - a new version of PCI DSS will come early this year!


Last week the PCI Standards Council commented on the upcoming DSS 3.2 update and what it means for the rest of 2016. Ever since the sunset…

Sunset of SSL Extended


If you’ve been struggling with keeping up with various SSL vulnerabilities and planning an orderly cutover to TLS then the recent…

Must Format Preserving Encryption (FPE) be distinguishable from cardholder data for PCI?


Previously we looked at Format Preserving Encryption (FPE) its characteristics and suitability for application in solutions intended for PCI…

PCI DSS Version 3.1 Has Arrived


The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration…

PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates


The PCI council has released an announcement that they are preparing an updated version of the PCI DSS (v3.1) and PA-DSS (v3.1), where they…

What is Format Preserving Encryption and is it suitable for PCI DSS?


Format Preserving Encryption, or FPE, is a recent technology that is beginning to show up in payment solutions with the promise of simplifying…

Analysis of PCI DSS 3.0


PCI DSS 3.0 was released Nov 2013. There are new and changed requirements with a more organized look. Check out our in-depth analysis and…
