thePCI Portal

TLS, SSL and PCI – The links

I got tired of hunting these down regularly.  Here are the official TLS and SSL reference links in one spot: SSL/Early TLS: Working with an ASV on Failed Scans http://blog.pcisecuritystandards.org/working-with-an-asv-on-failed-scans INFORMATION SUPPLEMENT Migrating from SSL and Early TLS Version 1.0 Date: April 2015 Author: PCI Security Standards Council – Includes: Preparing a Risk Mitigation and…

A new kind of fine related to non-compliance – $100K+

Dwolla (the online payment system)  claimed that it encrypted all sensitive personal information and that its security practices exceeded industry standards and achieved compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Supposedly the (USA) Consumer Financial Protection Bureau thinks that Dwolla failed to employ reasonable and appropriate measures to protect consumer data from…

PCI DSS 3.2

Have you read the PCI Security Standards Council blog post with a version 3.2 Q&A with Chief Technology Officer Troy Leach yet? Some of the highlights include: What’s in 3.2? evaluating additional multi-factor authentication for administrators within a Cardholder Data Environment (CDE); incorporating some of the Designated Entities Supplemental Validation (DESV) criteria for service providers;…

Don’t descope your redirecting ecommerce web server!

Another fresh article regarding the risks to consider when implementing a fully redirected e-commerce solution.  Benj Hosack writes about something the forensics team at Foregenix have seen.  While it discusses a few variants that are not specifically of the SAQ A variety, it has a few relevant examples of risks. And don’t forget about the old paypaul.ca…

Remove Protection from Word Document

Have you ever been stymied in copying text or other actions in a “protected” Microsoft Word document?  The kind of documents that are locked forms where you can only position the cursor or enter text in the designated form fields? The document is not encrypted or totally unavailable to you and accessing all of its…