Visa CodeSure has hit the market. These are cards with built in alpha-numeric displays that allow one-time passcodes to be used in conjunction with a PIN to secure online transactions: The first challenge must be replacing the 1.4bn Visa cards already out there, the second being – will it really work and how long will […]

At long last, the standard finally looks like it will mandate that merchants / service providers conduct regular scans for accidental (leaked) and legacy stores of card data on networks. I have long advised this, but always got the kick back from merchants that ‘well, it’s not in the standard so we’re not going to

So it appears MasterCard took a quiet U-turn over the festive break and dropped the requirement for an onsite QSA audit for level 2 merchants for July 2010: http://www.mastercard.com/us/sdp/merchants/merchant_levels.html A more sensible date of 30 June 2011 is listed, along with the footnote that Merchants can use their own staff as long as they have

I get asked this a lot, but default MD5 and SHA-1 hashing algorithms should not be acceptable means to render cardnumbers unreadable in the eyes of a security professional, or QSA. Although the hashing algorithm itself is secure, any information that has been hashed using MD5 or SHA-1 is now easily retrievable through the use