Don’t forget to check those security alerts that come in over the Christmas period, as regardless what your festive mood might tell you, Christmas presents a prime opportunity for criminals to launch attacks on your systems in the hope they get unnoticed. I recollect vividly my work in the gaming industry a few years back […]
Merry Christmas and a Happy New Year Read More »
Well, the webcast I just did was a fantastic example of cloud computing at it’s finest. I’ve just gone through it and the audio was terrible and I can’t even hear myself speaking at times. Sorry if you’d dialled in and didn’t quite get what you expected.
Cloud Computing – The Year Ahead! Read More »
If you’re going through a PCI DSS assessment and hit point 12.8, you might think of a Service Provider with whom you share card data with to be a bank or payment processor. After all, any other company with whom you have a relationship surely couldn’t impose a risk to you customer’s card data? You
Due Diligence and Service Providers Read More »
I was at Visa Europe’s QSA Briefing yesterday, and one question that cropped up was whether or not a Concierge style service would bring that Concierge into scope as a Service Provider. By Concierge, I mean an entity that keeps Consumer’s card numbers on file so it can book things like flights or hotels on
Does PCI DSS apply to Corporate Credit Cards? Read More »
Fresh back from the conference, an interesting few days, but still came back with the feeling that I was trying to be sold something. Not a problem if I’m brave enough to head to Infosec 2011 as that’s what you’d expect, but where some people would have paid £975 for a conference ticket I’m not
RSA Conference Europe 2010 Read More »
We’re all hearing a lot about end to end encryption as a security solution for the payments industry at the moment. The message that’s been pushed out is that merchants all need to change their PEDs and introduce more recent, encryption-capable models, so that as soon as card details hit the PED, the PED encrypts
End to end encryption – the panacea for payment security or just another commodity? Read More »
According to Visa, there have now been a significant number of successful attacks against merchants whom use hosted payment pages. A hosted payment page is one that you can embed in your website, but directs all Customer transaction details to a third party – think Datacash, Cybersource et al. Hosted payment pages offer two distinct
Hosted Payment Pages and Merchant Spear Phishing Read More »
I’m sure most of you would have already seen this, namely a document that summarises the upcoming changes to PCI DSS and what’s going to be in Version 2.0: https://www.pcisecuritystandards.org/pdfs/summary_of_changes_highlights.pdf Official pre-release with Participating Organizations will happen early September, with release to Merchants, Service Providers and QSAs at the end of October. Yes, that’s right.
PCI DSS 2.0 has landed Read More »
Visa CodeSure has hit the market. These are cards with built in alpha-numeric displays that allow one-time passcodes to be used in conjunction with a PIN to secure online transactions: The first challenge must be replacing the 1.4bn Visa cards already out there, the second being – will it really work and how long will
Visa CodeSure has landed Read More »
