David Gamey

Understanding P2PE, NESA, E2EE, and PCI Compliance | blog,pci | Control Gap
10 min read

Understanding P2PE, NESA, E2EE, and PCI Compliance | blog,pci | Control Gap

Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and money....

Read More >
PCI Compliance and the Intel AMT Vulnerability
4 min read

PCI Compliance and the Intel AMT Vulnerability

On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT) firmware will...

Read More >
7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise | blog,pci,cryptography | Control Gap
2 min read

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise | blog,pci,cryptography | Control Gap

Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved modes has...

Read More >
3 Ways 8-Digit BIN Ranges May Impact PCI Compliance
3 min read

3 Ways 8-Digit BIN Ranges May Impact PCI Compliance

New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to maintain...

Read More >
What The CIA WikiLeaks Dump Has In Common With PCI Compliance | blog,pci | Control Gap
1 min read

What The CIA WikiLeaks Dump Has In Common With PCI Compliance | blog,pci | Control Gap

In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the general...

Read More >
SHA-1 Is Dead!
2 min read

SHA-1 Is Dead!

History The SHA-1 cryptographic hash function was introduced in 1995. Weaknesses began to be discovered in 2005, and in 2011 NIST deprecated SHA-1. The...

Read More >
What Is The Difference Between Masking And Truncation In PCI Compliance?

What Is The Difference Between Masking And Truncation In PCI Compliance?

Masking and truncation of cardholder data may seem the same on the surface (eg. 423456XXXXXX7890); however, each implies different functionality.

Read More >
What Is Cardholder Data In PCI Compliance?

What Is Cardholder Data In PCI Compliance?

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes the primary...

Read More >
Call Centers and PCI Compliance: Things You Need to Know
5 min read

Call Centers and PCI Compliance: Things You Need to Know

Call centers can be challenging places. They range from small and simple to large and complex. For many businesses they are a place where new...

Read More >