What to Expect in the PCI 3.2 Update
April 04, 2016, Shawn Shifflett, CISSP, QSA, Senior Practice Director, PCI
A preview of new requirements and guidance expected later this month from the Payment Card Industry Security Standards Council was announced Thursday. The PCI DSS 3.2 version represents the first update to the standard that the Council has released since 3.1 in April 2015 and 3.0 in November of 2013.
PCI Council Gives Merchants Reprieve on PCI 3.1 Updates
January 07, 2016, Shawn Shifflett, CISSP, QSA, Senior Practice Director, PCI
The Payment Card Industry Security Standards Council (PCI SSC) released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended.
Report from the PCI SSC North American Community Meeting
October 08, 2015, Joseph Tinucci, Senior Director, Managed Services
The Payment Card Industry Security Standards Council held their 2015 North American Community Meeting this year in Vancouver, BC, from September 29 – October 1. Coalfire was well represented at the meeting, with Dan Fritsche, Managing Director, Application Security, making two presentations at the event (Point-to-Point Encryption and Securing Virtual Payments). Since I was also there, and I am a guest blogger for the Treasury Institute for Higher Education’s PCI DSS blog, I posted about the PCI DSS trends that I observed at the meeting.
Chip Cards Finally Come to America – But What Does it Mean for Merchants and Consumers?
October 01, 2015, Andrew Barratt, Managing Director, Europe
Like it or not, today the U.S. finally adopts EMV technology. While the implementation by most major retailers and large U.S. banks is expected to be delayed, the “chip and PIN” card types are coming to America to stay.
The real debate is, will EMV adoption do anything for card data security?
Andrew Barratt, Coalfire’s Managing Director of Europe, explained some lessons learned from the United Kingdom. He sat down with John Rostern, executive vice president, to discuss the EMV liability shift.
Guest blog: PCI audits and how to recognize a good QSA auditor and partner
July 22, 2015, Patrick Townsend, Townsend Security
Many organizations approach a PCI audit with fear and trepidation. There are a lot of stories out there about how difficult, expensive and disruptive a PCI audit can be, but I want to see if I can add some balance to this view. I believe that when it comes to a PCI auditor it matters a great deal who you are working with. We just completed a PCI audit of our Alliance Key Manager for VMware solution and it gave me a whole new perspective and attitude about the audit process. Our PCI work was conducted by Coalfire, a security company that provides PCI audit services as well as audit services for the health and financial communities. Most of my remarks will reflect on the great experience we had with Coalfire and some of the lessons we learned.