pci
33 posts tagged with “pci”
PINs, Passwords, and PCI
18-Feb-2021PINs, Passwords, and PCI What is the difference between Passwords and Passphrases, PINs, and other authentication factors under PCI DSS…
Read More >CDRThief New VoIP Linux Malware – Can Credit Card Skimmers be Far Behind?
10-Sep-2020Many organizations have either undergone or are planning migrations or acceleration of call centers, remote working, and online presence…
Read More >The ENTITY (a scary PCI monster)
31-Oct-2019If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about…
Read More >Control Gap at Vancouver PCI Community Meeting
03-Sep-2019Control Gap is excited to announce that we will be exhibiting at this year’s @PCISecurityStandardsCouncil Community Meeting on September 1…
Read More >What's the minimum I need to do for PCI?
18-Jul-2019As we complete the 3rd hour of the meeting discussing PCI scope, the customer turns to me and asks, “So what’s the minimum that I need to do…
Read More >NIST Update to Format Preserving Encryption Standard affects PCI Use Cases
21-Mar-2019Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev…
Read More >PCI SPoC (PIN on COTS) - Grand Experiment in Mobile Payments
28-Jan-2019Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC…
Read More >PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant
07-Nov-2018To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…
Read More >PCI DSS May Require Pulling Up Your SOX (or ISO)
22-Feb-2018Executives and managers in organizations preparing for their first onsite PCI security assessment may feel confident that having passed a…
Read More >17 Predictions About the Next Version of PCI DSS
10-Jan-2018PCI DSS v3.2 is due for an update this year - but what will that look like? In this article, we peer into our crystal ball to make some…
Read More >Understanding "Connected-to" - Is The Internet In Scope For PCI DSS?
07-Dec-2017PCI DSS is all about scope. Getting scope right or wrong is perhaps the single most critical factor determining the ultimate success or…
Read More >Understanding P2PE, NESA, E2EE, and PCI Compliance
27-Jun-2017Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and…
Read More >PCI Compliance and the Intel AMT Vulnerability
15-May-2017On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT…
Read More >8-digit BIN Issues and Risks Remain after PCI Truncation Rules Clarified
10-May-2017Last month we wrote this article about issues arising from the addition of new BIN ranges and the lack of clear guidance specifically with…
Read More >3 Ways 8-Digit BIN Ranges May Impact PCI Compliance
11-Apr-2017New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to…
Read More >What The CIA WikiLeaks Dump Has In Common With PCI Compliance
14-Mar-2017In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the…
Read More >What Is The Difference Between Masking And Truncation In PCI Compliance?
17-Jan-2017Masking and truncation of cardholder data may seem the same on the surface (eg. 423456XXXXXX7890); however, each implies different…
Read More >What Is Cardholder Data In PCI Compliance?
16-Jan-2017Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes…
Read More >Call Centers and PCI Compliance: Things You Need to Know
15-Dec-2016Call centers can be challenging places. They range from small and simple to large and complex. For many businesses they are a place where…
Read More >4 FAQs The PCI Security Standards Council Renamed in 2016
02-Dec-2016Anyone who relies on the PCI FAQ site for guidance may have noticed some changes in the last few months. In fact if you bookmarked some of…
Read More >PCI Announces NESA - A Stepping Stone To P2PE
29-Nov-2016Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This…
Read More >PCI Compliance Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money
22-Nov-2016While you may have heard of carbon footprints and ecological footprints, you might not be aware that there is such thing as a PCI Compliance…
Read More >3 Risks of Ignoring PCI Compliance
15-Nov-2016With more than 510 million records containing sensitive information breached since January 2005, statistics indicate that cardholder data…
Read More >12 Tips To Avoid Credit Card Data Breaches
01-Nov-2016PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data Traditionally, ill-intentioned criminals have targeted banking…
Read More >PCI Compliance & Why You Need to be Compliant
27-Sep-2016Getting paid is just as important as PCI compliance. Businesses of all sizes rely on cash flow to effectively manage business operations. To…
Read More >How Microsoft Support Expiry can Affect Your PCI Compliance
26-Jul-2016Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft…
Read More >PCI Under The Microscope
28-Jun-2016The PCI Council has testified before Congress about standards and breaches in both 2014 and 2009 (links are to Google Searches). This year…
Read More >PCI DSS v3.2 - What You Need to Know to Stay PCI Compliant
08-Jun-2016To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…
Read More >PCI DSS V3.2 Is Almost Here!
06-Apr-2016The PCI Security Standards Councils confirmed last week that the updated version of PCI DSS (v3.2) will be released at the end of April 201…
Read More >Just like spring - a new version of PCI DSS will come early this year!
26-Feb-2016Last week the PCI Standards Council commented on the upcoming DSS 3.2 update and what it means for the rest of 2016. Ever since the sunset…
Read More >PCI DSS Version 3.1 Has Arrived
15-Apr-2015The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration…
Read More >PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates
10-Mar-2015The PCI council has released an announcement that they are preparing an updated version of the PCI DSS (v3.1) and PA-DSS (v3.1), where they…
Read More >Analysis of PCI DSS 3.0
01-Oct-2014PCI DSS 3.0 was released Nov 2013. There are new and changed requirements with a more organized look. Check out our in-depth analysis and…
Read More >