maravis.com

Exploring Information Security

Saturday, July 31, 2010

  • Jul
    27

    One of the more common questions that I get from clients is whether other cardholder data elements such as name, expiry date, etc. need to be encrypted when stored in conjunction with the PAN (Primary Account Number) to be PCI compliant. As with most PCI DSS requirements many people, including QSAs, insist that anything that is stored in conjunction with the PAN need to be encrypted or otherwise rendered unreadable.

    Continue reading "Storing PAN with other cardholder data" »

  • Jun
    15

    As a PA-QSA working for a QSA company, I take calls from people wanting to get PA-DSS validation for their application(s). June 30, 2010 is the deadline for all merchants and service providers to start using PA-DSS validated applications.

    Continue reading "Does PA-DSS apply to you?" »

  • Aug
    17

    There was a news article on the BBC website today about a man arrested for stealing 130 million credit card numbers. He along with a couple of Russian co-conspirators (unnamed), broke into several organizations such as 7Eleven, Hannaford Brothers, Heartland Payment Systems, to name a few and stole credit card numbers with the intent of selling them on.

    Continue reading "Stealing Credit Card Numbers" »

Archives

 
Page 1 of 2 12»