Blog Posts Tagged with "PA-DSS"
PA-DSS Validation Clarification
August 09, 2012 Added by:PCI Guru
The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...
Comments (0)
Another Year, Another QSA Re-Certification
April 26, 2012 Added by:PCI Guru
There is a lot of discussion on network segmentation, and this year’s presentation material indicates there are apparently still a lot of QSAs that do not understand the concept of network segmentation and what constitutes good segmentation from poor segmentation...
Comments (0)
Google Wallet and PCI Compliance
January 30, 2012 Added by:PCI Guru
Hackers could decrypt the PAN given the high likelihood that the PIN to decrypt the PAN could be derived from information on a smartphone. The nightmare scenario would be development of malware delivered through the smartphone’s application store that harvests the PII...
Comments (0)
The What and Why of Compliance
January 19, 2012 Added by:Fergal Glynn
What is a compliance framework? It’s an architected system of policies, controls and objectives designed to keep your business out of trouble and operating securely. It should measure risk and effectiveness, and keep constituents aware and up to date, since risk changes...
Comments (0)
The Holy Grail and the PA-DSS Implementation Guide
October 04, 2011 Added by:Andrew Weidenhamer
As a QSA it is very frustrating to walk in, ask the merchant for the PA-DSS Implementation Guide, and receive a glazed over eye look. It's even more frustrating when you then ask the Vendor/Reseller for the Implementation Guide and they look at you as if you have three heads....
Comments (0)
PCI SSC Nixes Certification for Mobile Payments Apps
June 30, 2011 Added by:PCI Guru
"Until such time that it has completed a comprehensive examination of the mobile communications device and payment application landscape, the Council will not approve mobile payment applications used by merchants to accept and process payment as validated PA-DSS applications..."
Comments (0)
More On Mobile Payments Security
February 25, 2011 Added by:PCI Guru
While iPhone is the “Big Kahuna”, it does not mean that Android and Windows Phone devices are not also used for credit card payments. Unfortunately, Android and Windows Phone devices have similar issues that make them difficult, if not impossible, to have PA-DSS certified applications...
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox