thePCI Portal

Author: Ed

Is an Audit Certification in your future?

There are many folks in the PCI industry who will soon require a second security certification. For a lot of them, it will mean the pursuit of an auditor certification from this list: ISACA Certified Information Systems Auditor (CISA); GIAC Systems and Network Auditor (GSNA); Certified ISO 27001, Lead Auditor, Internal Auditor 1; IRCA ISMS…

Paranoid Physical Security best practice

Purchase electronics, technology or anything that uses electricity in person at random brick-and-mortar retail locations whenever possible, to minimize an adversary's opportunity to mess with your stuff during delivery. This applies especially to items like keyboards, laptops, personal assistants, cameras, etc. Use your neighbour's address for deliveries and all your mail. The risk of being poisoned…

The Future of Payment Security in Canada

Visa Canada's document "The Future of Payment Security in Canada", published in October 2017, has a lot of interesting information. In addition to an overview of the fraud landscape in Canada, it outlines the steps they are taking to reduce fraud.

1. Devalue Data
   100% EMV Chip-Enabled Point-of-Sale (POS)
   Tokenization
2. Protect Sensitive Data
   Contactless…

Announcing PCI DSS version 3.2.1!

May 2018 will welcome the arrival of a new version of the PCI DSS. The minor update will contain NO NEW REQUIREMENTS and will be given the version number 3.2.1. The requirements that came into effect in February 2018 will have the following text removed: "Note: This requirement is a best practice until January 31,…