Blog

Be in touch with our latest news

pci (2)

1 min read

Non-Compliance Lesson No. 1: Wait until your assessment to validate scope

PCI DSS can be hard and not preparing for it just makes things harder. Following this advice is guaranteed to make it both more exciting and painful.

11 min read

Quantum Cryptography for Risk Managers or Shor, Grover, and the Crypto-Apocalypse

According to some, quantum cryptography will revolutionize cryptography, kill our current ciphers, and reveal all our secrets. But if you're a risk...

5 min read

Why Organizations Need to Become Crypto-Agile and What that Means

Cryptographic change is a reality. Since 2006, we have seen the sunset of WEP, SSLv2, RSA-1024, SSLv3 and early TLS. We know that Triple DES and...

3 min read

Why did my PCI DSS Scope Explode?

It can be extremely frustrating for a compliance team to realize that additional systems are in-scope. It means additional and unexpected security...

4 min read

Don’t Tie Yourself in Knots Thinking you can Store Payment Card Verification Codes/Values

Card Not Present Security Codes/Values are the 3- and 4-digit printed numbers on your payment cards used to verify card-not-present transactions. PCI...

8 min read

The DSS, MageCart, and the DOM – Part 3 e-Commerce Skimming

Cyberattacks and data breaches have risen dramatically in recent years and no industry or organization is immune to these attacks. Merchants,...

6 min read

The DSS, MageCart, and the DOM – Part 2 Browsers, the DOM, and 3rd Party JavaScript

In part two of our series, we take a deeper dive into how JavaScript works and its implications for web and e-commerce security and compliance. This...

8 min read

The DSS, MageCart, and the DOM – Part 1: The PCI DSS e-Commerce Rules

It turns out that how you implement e-commerce can have a huge impact on your compliance footprint (i.e., the number of PCI security controls...

5 min read

Why do some Issuers believe they don’t need to be PCI DSS compliant?

Documents from the PCI Council, MasterCard, and Visa clearly indicate that Issuers are required to be PCI DSS compliant (see Learn More below). Yet...
