HostedPCI – News/Blogs

Security requirements for PIN Entry

The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).

Payment security for small businesses

The Payment Card Industry Security Standards Council (PCI SSC) has introduced a new payment security tool for small businesses. The payment security tool will protect the card data of PCI SSC customers.

5 updates from PCI SSC you need to know

The PCI P2PE standard has for some time governed security requirements for technologies and services that organizations use for end-to-end encryption of cardholder data. The goal is to ensure that no sensitive cardholder data passes in unencrypted form through a merchant's point of sale system.

PCI issues new standards for contactless payments

The PCI Security Standards Council published a new data security standard that will let merchants accept contactless payments using commercial off-the-shelf mobile devices, like smartphones and tablets that utilize near field communications.…

Network Segmentation

Earlier this month the PCI SSC released a memo referring to their network segmentation guidelines. While network segmentation is not part of PCI scope, it seems that most breaches happen from systems that were deemed not in scope, and companies were unaware that their data was even being accessed by these systems.

HostedPCI is Now on the AppExchange

HostedPCI is now on the AppExchange, making it easier for companies that use Salesforce for their CRM to reduce their PCI scope without compromising customer experience. HostedPCI offers 2 main services within the Salesforce app: our iFrame for eCommerce companies and our IVR for call center companies.

Why Change the TLS Migration Date?

It has been known for a while that SSL/TLS had vulnerabilities; however, when POODLE first became known, the PCI SSC jumped quickly to release the PCI DSS version 3.1, which stated that organizations had to migrate to TLS 1.1 or higher and disable any fallback to SSL/early TLS.

TLS for Android – News Article

For online merchants the new PCI standards may affect the usability of their shopping carts on Android phones. Earlier this year two attacks related to PCI compliance were discovered: Heartbleed and POODLE. While it had been discovered in the past that SSL and early TLS encryption were vulnerable to attacks, they were still allowed to be used with a downgrade dance, if the highest level handshake with TLS 1.2 failed

PCI 3.1: Why so Quick

The PCI Security Standards Council was created in 2006 to protect organizations and their customers from fraud. PCI compliance is a nationwide standard that all organizations that collect, exchange and process must follow in order to be secure. Typically PCI compliance is updated once every three years. PCI 3.0 went into full effect in Jan, 2015, so how come PCI 3.1 was rushed out so quickly?

Differences in SAQ

What your business is and how it handles credit cards will dictate the type of SAQ (Self Assessment Questionnaire) your organization must complete. Most companies underestimate the guidelines for PCI compliance, and will elect