-
Jul27
One of the more common questions that I get from clients is whether other cardholder data elements such as name, expiry date, etc. need to be encrypted when stored in conjunction with the PAN (Primary Account Number) to be PCI compliant. As with most PCI DSS requirements many people, including QSAs, insist that anything that is stored in conjunction with the PAN need to be encrypted or otherwise rendered unreadable.
Continue reading "Storing PAN with other cardholder data" »
-
Jul5
iTunes experienced a user account hack in which user accounts were stolen and unauthorized purchases made with those accounts over the July 4th long weekend.
Continue reading "iTunes user accounts hacked" »
-
Jun15
As a PA-QSA working for a QSA company, I take calls from people wanting to get PA-DSS validation for their application(s). June 30, 2010 is the deadline for all merchants and service providers to start using PA-DSS validated applications.
Continue reading "Does PA-DSS apply to you?" »
