Oh I do love this. Apple have come out with another screw to help deter hardware hackers from getting inside MacBooks and iPhone 4s. It’s called a pentalobe, which looks like a Torx screw on first looks, but actually has rounded edges. So what you might say. Well, Apple have been kind enough to uses […]
Screwed over by Apple? Read More »
I’m still coming across a number of brick and mortar merchants whom have been advised by their QSA to put their store environments into scope of PCI DSS and spend millions of pounds implementing end-point security and network monitoring solutions. Exactly what benefit does this give? Not even high street banks go to this level
Stores still in scope? Read More »
Don’t forget to check those security alerts that come in over the Christmas period, as regardless what your festive mood might tell you, Christmas presents a prime opportunity for criminals to launch attacks on your systems in the hope they get unnoticed. I recollect vividly my work in the gaming industry a few years back
Merry Christmas and a Happy New Year Read More »
Well, the webcast I just did was a fantastic example of cloud computing at it’s finest. I’ve just gone through it and the audio was terrible and I can’t even hear myself speaking at times. Sorry if you’d dialled in and didn’t quite get what you expected.
Cloud Computing – The Year Ahead! Read More »
If you’re going through a PCI DSS assessment and hit point 12.8, you might think of a Service Provider with whom you share card data with to be a bank or payment processor. After all, any other company with whom you have a relationship surely couldn’t impose a risk to you customer’s card data? You
Due Diligence and Service Providers Read More »
I was at Visa Europe’s QSA Briefing yesterday, and one question that cropped up was whether or not a Concierge style service would bring that Concierge into scope as a Service Provider. By Concierge, I mean an entity that keeps Consumer’s card numbers on file so it can book things like flights or hotels on
Does PCI DSS apply to Corporate Credit Cards? Read More »
Fresh back from the conference, an interesting few days, but still came back with the feeling that I was trying to be sold something. Not a problem if I’m brave enough to head to Infosec 2011 as that’s what you’d expect, but where some people would have paid £975 for a conference ticket I’m not
RSA Conference Europe 2010 Read More »
We’re all hearing a lot about end to end encryption as a security solution for the payments industry at the moment. The message that’s been pushed out is that merchants all need to change their PEDs and introduce more recent, encryption-capable models, so that as soon as card details hit the PED, the PED encrypts
End to end encryption – the panacea for payment security or just another commodity? Read More »
According to Visa, there have now been a significant number of successful attacks against merchants whom use hosted payment pages. A hosted payment page is one that you can embed in your website, but directs all Customer transaction details to a third party – think Datacash, Cybersource et al. Hosted payment pages offer two distinct
Hosted Payment Pages and Merchant Spear Phishing Read More »
