Report from the PCI SSC North American Community Meeting
October 08, 2015, Joseph Tinucci, Senior Director, Managed Services
The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 – October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at the event (Point-to-Point Encryption and Securing Virtual Payments). Since I was also there, and I am a guest blogger for the Treasury Institute for Higher Education’s PCI DSS blog, I posted about the PCI DSS trends that I observed at the meeting.
Chip Cards Finally Come to America – But What Does it Mean for Merchants and Consumers?
October 01, 2015, Andrew Barratt, Managing Director, Europe
Like it or not, today the U.S. finally adopts EMV technology. While the implementation by most major retailers and large U.S. banks is expected to be delayed, the “chip and PIN” card types are coming to America to stay.
The real debate is, will EMV adoption do anything for card data security?
Andrew Barratt, Coalfire’s Managing Director of Europe, explained some lessons learned from the United Kingdom. He sat down with John Rostern, executive vice president, to discuss the EMV liability shift.
Guest blog: PCI audits and how to recognize a good QSA auditor and partner
July 22, 2015, Patrick Townsend, Townsend Security
Many organizations approach a PCI audit with fear and trepidation. There are a lot of stories out there about how difficult, expensive and disruptive a PCI audit can be, but I want to see if I can add some balance to this view. I believe that when it comes to a PCI auditor it matters a great deal who you are working with. We just completed a PCI audit of our Alliance Key Manager for VMware solution and it gave me a whole new perspective and attitude about the audit process. Our PCI work was conducted by Coalfire, a security company that provides PCI audit services as well as audit services for the health and financial communities. Most of my remarks will reflect on the great experience we had with Coalfire and some of the lessons we learned.
PCI Scope Assessments for Higher Education Institutions
July 13, 2015, Tyler Baker, Regional Sales Manager
With the release of PCI DSS version 3.0 and more recently 3.1, many Higher Education Institutions have found it hard to know which SAQ’s they should be filling out since there are now nine options. Higher Education Institutions have very complex merchant card environments and with the new requirements it is even harder to recognize what’s in scope. Tyler Baker interviews Dirk Anderson, the Vice President of Enterprise Risk & Compliance Platform at Coalfire, to get a deeper understanding of PCI Scope Assessment.
What does PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization
February 19, 2015, Matt Getzelman, PCI Practice Director
In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the PCI SSC’s definition of “Strong Encryption” and this will have immediate impact to several existing requirements. However, one key point from the announcement should be highlighted: