What “Dexter Malware” tells us about the future of POS security (It might just be P2PE)
December 20, 2012, Dan Fritsche, Practice Director, Coalfire Labs
The recently announced Dexter malware is targeting POS systems and once in, it collects sensitive credit card data and surreptitiously sends it off to attackers. While the details of this particular attack are not yet available, this is not the first time this general approach has been exploited.
P2P Encryption Program now available from PCI Council
May 25, 2012, Mike Weber, Vice President, Coalfire Labs
The PCI council has updated the Point-to-Point encryption (P2PE) program requirements (PDF). The update impacts merchants, payment applications, point of sale vendors and service providers. As a participating organization of the PCI P2PE task force, providing input into the standard, I wanted to briefly explain how this affects the various PCI ecosystem participants.
The ultimate goal of the P2PE program is to reduce the PCI DSS scope that merchants experience by shifting the burden away from merchants toward solution providers who are providing validated P2PE solutions. Deploying validated P2PE solutions will simplify PCI DSS validation for merchants while reducing the risk of cardholder data breaches.
Surprises Ahead for Some Level 2 Merchants
April 12, 2012, Chris Lietz, Vice President, Marketing & Channels
The PCI DSS has been around for years, and most PCI “pro’s” are familiar with the processes needed to validate compliance. However, insiders often forget that small changes to the guidelines can have a big impact on merchants.
One such change is upon us: MasterCard’s new validation guidelines for Level 2 merchants that are scheduled to take effect on June 30, 2012.
Coalfire in the News
January 17, 2012, Rick Dakin, CEO, Co-founder and Chief Security Strategist
It’s been quite a season in the world of IT security as we move into 2012. As experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we have had to say recently: