Blog Posts Tagged with "PA-DSS"

PA-DSS Validation Clarification

August 09, 2012 Added by: PCI Guru

The PA-DSS has a procedure that the PA-QSA can follow to determine that version changes have not affected cardholder data processing and the application’s PA-DSS validation. Without that validation, as a QSA, our hands are tied and we must conduct a full assessment of the application under the PCI DSS...

Another Year, Another QSA Re-Certification

April 26, 2012 Added by: PCI Guru

There is a lot of discussion on network segmentation, and this year’s presentation material indicates there are apparently still a lot of QSAs that do not understand the concept of network segmentation and what constitutes good segmentation from poor segmentation...

Google Wallet and PCI Compliance

January 30, 2012 Added by: PCI Guru

Hackers could decrypt the PAN given the high likelihood that the PIN to decrypt the PAN could be derived from information on a smartphone. The nightmare scenario would be development of malware delivered through the smartphone’s application store that harvests the PII...

The What and Why of Compliance

January 19, 2012 Added by: Fergal Glynn

What is a compliance framework? It’s an architected system of policies, controls and objectives designed to keep your business out of trouble and operating securely. It should measure risk and effectiveness, and keep constituents aware and up to date, since risk changes...

The Holy Grail and the PA-DSS Implementation Guide

October 04, 2011 Added by: Andrew Weidenhamer

As a QSA it is very frustrating to walk in, ask the merchant for the PA-DSS Implementation Guide, and receive a glazed over eye look. It's even more frustrating when you then ask the Vendor/Reseller for the Implementation Guide and they look at you as if you have three heads....

PCI SSC Nixes Certification for Mobile Payments Apps

June 30, 2011 Added by: PCI Guru

"Until such time that it has completed a comprehensive examination of the mobile communications device and payment application landscape, the Council will not approve mobile payment applications used by merchants to accept and process payment as validated PA-DSS applications..."

More On Mobile Payments Security

February 25, 2011 Added by: PCI Guru

While iPhone is the “Big Kahuna”, it does not mean that Android and Windows Phone devices are not also used for credit card payments. Unfortunately, Android and Windows Phone devices have similar issues that make them difficult, if not impossible, to have PA-DSS certified applications...
