As 2017 comes to a close, we may be celebrating our wins and counting our blessings. It is certainly worthwhile to do so. However, the end of the year is also a good time to reflect on what we could have done better. Regarding information security, Verizon’s 2017 Data Breach Report is a valuable resource …
The Internet of Things has developed into a thriving industry estimated at $14 billion and poised for further growth. Smart thermostats, voice-activated personal assistants, and other IoT devices are no longer novelty items found in homes of tech-savvy early adopters. In fact, the IoT has gained more mainstream usage as people are enticed by the …
Through Point-to-Point Encryption (P2PE), data is encrypted upon entry by a certified card terminal and continues to be encrypted until the data reaches a secure point of decryption outside of the merchant environment. This secure point of decryption is a validated PCI P2PE solution provider. Benefits of P2PE include making sensitive and protected data unreadable …
EMV® Three-Domain Secure (3-D Secure, or 3DS) is a messaging protocol that enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorized CNP transactions and protects the merchant from exposure to CNP fraud. The three domains consist of the merchant/acquirer domain, issuer domain, …
In 2015, the PCI Council recognized the need to move away from earlier forms of the Internet security protocol Secure Sockets Layer / Early Transport Layer Security (SSL/TLS). This cryptographic protocol is used to establish a secure channel between two systems by authenticating one or both systems and protecting the information passing between the systems. …
Promoted as the most important change in data privacy regulation in decades, the EU General Data Protection Regulation (GDPR) will be enforced on May 25, 2018. Organizations that are not GDPR compliant after this enforcement date could face significant fines. Replacing an obsolete data protection directive from 1995, GDPR is designed to allow individuals to …
Achieving compliance with PCI’s standards requires organizations to dedicate significant resources to this effort. Whether compliance is with PCI DSS, PA-DSS, or the P2PE standard, many entities would probably agree that the ritual of compliance can be a costly one. Unfortunately, more resources must be spent to confirm compliance if there are any changes to …
