Blog Posts Tagged with "E2EE"

Fc152e73692bc3c934d248f639d9e963

PCI Compliance and Tokenization

August 12, 2011 Added by:PCI Guru

Tokenization does not imply encryption. However, encryption may be used for tokenization as can one-way hashing. When encryption is used as a way to tokenize sensitive information, the system receiving the token never has the capability to decrypt the token...

Comments  (2)

Fc152e73692bc3c934d248f639d9e963

End-to-End Encryption – The Rest Of The Story

August 10, 2011 Added by:PCI Guru

If you discuss E2EE with any merchant, most see it as this panacea, something that will get them out of the PCI compliance game altogether. However, nothing could be further from the truth. If anything, E2EE may make PCI compliance even more daunting than it is today...

Comments  (0)

85612d572d689128ab07f369ff934d02

FIPS 140-2: Just Buzzword Bingo?

June 15, 2011 Added by:Jonathan Lampe

If your IT department intersects with the finance, health care, government or energy sectors, or is subject to regulations such as PCI-DSS, then you should be using FIPS 140-2 validated cryptography now to protect data-in-transit and data-at-rest...

Comments  (4)

Fc152e73692bc3c934d248f639d9e963

E2E Encryption and Doctored Credit Card Terminals

May 26, 2011 Added by:PCI Guru

End-to-end encryption just moves the attack points, in this case out to the terminal at the merchant’s location. Worse yet, it also makes security of the merchant’s endpoint even more difficult than it already is because the techniques used in doctoring terminals can easily go unnoticed...

Comments  (0)

E94a37c9b33d6a973b40a831d810b0c6

ZRTP Voice Encryption is Finally a Standard RFC

April 13, 2011 Added by:Fabio Pietrosanti

A new wave is coming to the voice encryption world, erupting to fill a gray area where most of the companies doing phone encryption have been implementing custom systems. Now a standard has been setup and there are few reasons left to continue implementing anything different...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

The Harsh Reality Of Security

January 09, 2011 Added by:PCI Guru

Chris Skinner asks the question, “Why does the card securities council not care about card security?” What concerns me is the title of the article as it again implies that the PCI standards do nothing to secure cardholder data. I thought I would take a shot at answering this question...

Comments  (0)