The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • What does PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization

    February 19, 2015, Matt Getzelman, PCI Practice Director

    In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the PCI SSC’s definition of “Strong Encryption” and this will have immediate impact to several existing requirements.  However, one key point from the announcement should be highlighted:

    Read more
  • Emerging Payment Technologies and Due Diligence: A Warning about “Silver Bullets”

    February 09, 2015, Matt Getzelman, PCI Practice Director

    2015 will be an exciting year for the payments industry, especially for merchants that now have a number of new payment technologies at their disposal.  Emerging payment technologies such as Point-to-Point-Encryption (P2PE), Tokenization, EMV/Chip and Signature and Mobile Payment Acceptance are hitting the market globally and all of them can help reduce the risk of cardholder data compromise as well as potentially impact the compliance posture of merchants that choose to adopt them.

    Read more
  • Apple Pay and PCI Compliance

    November 20, 2014, Matt Getzelman, PCI Practice Director

    A year ago, many retail cybersecurity discussions began and ended with PCI compliance. Today, after a gut-wrenching 10 months of data breaches stretching from mom-and-pop shops to category-leading brands, the discussions are broader, the risks are better understood and every link in the customer data chain is coming under newfound scrutiny.

    Read more
  • The PCI Enforcement Hammer is Ready to Drop

    October 31, 2014, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    The time for nervous anticipation for PCI breach response is over …. VISA has issued dramatic PCI Data Security Standard Compliance enforcement guidance for Level 1 and 2 merchants and all Service Providers.  Effective January 1st, 2015, noncompliance costs will be applied sooner and will escalate quicker.  For many merchants and service providers looking for a reason to improve compliance just got one.  The cost for noncompliance will easily hit $250,000 for many small and mid-sized merchants and service providers.

    Read more
  • Two final thoughts from the PCI Community Meeting

    September 11, 2014, Matt Getzelman, PCI Practice Director

    The 2014 North American PCI Community Meeting has drawn to a close, but the messages and lessons learned will continue to resonate with me long after I've returned home to Denver. There were two messages from the SSC this week that really struck a chord with me and I wanted to expand on why I think they are important moving forward.

    Read more
  • Displaying results 21-25 (of 35)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7  >  >| 

Recent Posts

Post Topics

Archives

Tags