PCI DSS

Is Microsoft Azure PCI DSS Compliant? Lessons in due diligence….

I’ve been busy assessing a Microsoft Azure environment as of late, for PCI DSS purposes. So. I go here to download their AoC: https://azure.microsoft.com/en-gb/support/trust-center/compliance/pci-dss/ The date of the AoC is December 31, 2014, and a number of requirements have been “Not Tested”, identified as “N/A” and Compensating Controls have been applied. I guess that’s fair […]

Is Microsoft Azure PCI DSS Compliant? Lessons in due diligence…. Read More »

PCI DSS v3.1 – how much protection does the new update give online?

According to the latest article from the SC Magazine in the UK, the latest PCI DSS version 3.1 release has “split the IT security profession” when it comes to deciding how much protection it is really providing the card holder who shops online. The article states: The v3.1 PCI DSS release addresses the well known, and high

PCI DSS v3.1 – how much protection does the new update give online? Read More »

Debate on the New Guidance from PCI Council – does it go far enough?

The PCI Security Standards Council has released brand new guidance to advise businesses how they should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. However, a recent article has been published online by BankInfoSecurity.com (BIS) that appeared to flag up a difference of opinion as to the effectiveness of the new guidance. Whilst one

Debate on the New Guidance from PCI Council – does it go far enough? Read More »

Why is POODLE and SSL v3 a problem?

As I’m sure you already know, PCI DSS v3.1 introduces a single change to replace “SSL” with “strong cryptography” in section 4.x. Whilst it might be a single change in PCI DSS, it literally means hundreds of thousands of HTTPS web pages around the world need their underlying web servers reconfiguring to use strong encryption.

Why is POODLE and SSL v3 a problem? Read More »

PCI DSS Compliance – ESSENTIAL tips for SMEs

As a small to medium sized business owner you need to juggle cash flow, credit control, human resources, sales and IT management with fewer resources and a smaller budget than most of the large corporate organisations. If you accept credit card payments, you know you probably have to be PCI DSS v3.0 compliant but lack

PCI DSS Compliance – ESSENTIAL tips for SMEs Read More »

Third Party Security Assurance for PCI DSS

Almost 2 years ago, 2-sec founded the PCI SSC’s Third Party Security Assurance SIG, following the PCI SSC Community Meeting in Dublin. The aim of the SIG was to incorporate third party security assurance guidance into PCI DSS v3.0 and to produce an information supplement. Sounds easy, doesn’t it? But with input from over 200

Third Party Security Assurance for PCI DSS Read More »

Target and Trustwave sued over data breach

News hit the wire today that Target’s acquiring banks have issued another lawsuit against Target, including Trustwave as a co-defendant. This time the banks are trying to recover some costs incurred from Target’s managed data security services provider, presumably for negligence or not detecting the vulnerability and fixing it sooner. This marks new territory for

Target and Trustwave sued over data breach Read More »

The SAQ-A-EP Apocalypse

The PCI SSC recently announced the new PCI DSS v3.0 Self Assessment Questionnaires (SAQs). Of particular interest was SAQ-A-EP, that has enshrined Visa Europe’s original guidance on securing Hosted Payment Pages (HPPs) into PCI DSS v3.0. This of course is a great move for card data security as a whole, but generally bad news to

The SAQ-A-EP Apocalypse Read More »

Your data’s safe with us…

I was visiting an airline site today, and when prompted to enter my credit card details to book the flight, and whether or not I wanted to store my card details for future transactions, saw the note: “It’s safer to store your payment card details in our secure vault than it is to send them

Your data’s safe with us… Read More »

The Cyber Sentinel

Start typing and press enter to search