Contact
Contact

Blog

Be in touch with our latest news

FPE

9 min read

This Week's [in]Security - Issue 207

Welcome to This Week’s [in]Security. Magecart exfiltration. More FPE Weakness. Big-Hacks: Exchange Hack. F5 Attacks. SolarWinds. New breaches: WeLeakInfo. New Ransomware. Acer. Ransomware cost. Big Brother UK. Find My Device. Privacy Theatre. Background...

Read More >

8 min read

This Week’s [in]Security – Issue 104

Welcome to This Week’s [in]Security. This week: NIST FPE update may render some deployed solutions weak, NIST formalizes TDES sunset, Magecart breaches at MyPillow and Amerisleep, stalkerware exposes spied data, Facebook storing plain-text passwords,...

Read More >

4 min read

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases

Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption". The draft is open for...

Read More >

7 min read

This Week’s [in]Security – Issue 101

Welcome to This Week’s [in]Security. This week: detailed alert on trending e-commerce attack methods, PCI glossary for small business, PCI seeks input on SPoC MSR, large surveillance db leak, watchlists exposed, many NIST announcements, FPE update,...

Read More >

2 min read

7 Things You Can Do To Deal With The Recent Format Preserving Encryption (FPE) Compromise

Barely a year after NIST approved Format-Preserving Encryption (FPE) based on AES they've issued a news release that one of the approved modes has been broken. Since FPE is actively deployed within the payment industry this will have implications for...

Read More >

3 min read

Must Format Preserving Encryption (FPE) be distinguishable from cardholder data for PCI?

Previously we looked at Format Preserving Encryption (FPE) its characteristics and suitability for application in solutions intended for PCI DSS.  To recap, FPE is an encryption method that produces cryptograms that share many of the formatting...

Read More >

4 min read

What is Format Preserving Encryption and is it suitable for PCI DSS?

Format Preserving Encryption or FPE is recent technology that is beginning to show up in payment solutions with the promise of simplifying PCI DSS compliance. If you are unfamiliar with FPE then you may be wondering what it is, if it is suitable for use...

Read More >