What's Next in Retail IT? The Convergence of Mobile, P2PE and the Cloud
January 15, 2013, Rick Dakin, CEO, Co-founder and Chief Security Strategist
Greetings from the Javits Center in New York City, the site of the National Retail Federation’s Big Show. This year, the theme of NRF is “Next”.
When it comes to Retail technology – and in particular, security and compliance, the most talked about “next” things are:
P2PE Hybrid, the next best thing since the Prius
January 07, 2013, Dan Fritsche, Practice Director, Coalfire Labs
P2PE promises many things, the most coveted being scope reduction for the merchant and a shifting of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce the risk of compromise for a merchant as well as reduce the scope of what must be done to continue to maintain compliance to the PCI DSS.
What “Dexter Malware” tells us about the future of POS security (It might just be P2PE)
December 20, 2012, Dan Fritsche, Practice Director, Coalfire Labs
The recently announced Dexter malware is targeting POS systems and once in, it collects sensitive credit card data and surreptitiously sends it off to attackers. While the details of this particular attack are not yet available, this is not the first time this general approach has been exploited.
P2P Encryption Program now available from PCI Council
May 25, 2012, Mike Weber, Vice President, Coalfire Labs
The PCI council has updated the Point-to-Point encryption (P2PE) program requirements (PDF). The update impacts merchants, payment applications, point of sale vendors and service providers. As a participating organization of the PCI P2PE task force, providing input into the standard, I wanted to briefly explain how this affects the various PCI ecosystem participants.
The ultimate goal of the P2PE program is to reduce the PCI DSS scope that merchants experience by shifting the burden away from merchants toward solution providers who are providing validated P2PE solutions. Deploying validated P2PE solutions will simplify PCI DSS validation for merchants while reducing the risk of cardholder data breaches.
Surprises Ahead for Some Level 2 Merchants
April 12, 2012, Chris Lietz, Vice President, Marketing & Channels
The PCI DSS has been around for years, and most PCI “pro’s” are familiar with the processes needed to validate compliance. However, insiders often forget that small changes to the guidelines can have a big impact on merchants.
One such change is upon us: MasterCard’s new validation guidelines for Level 2 merchants that are scheduled to take effect on June 30, 2012.