The PCI SAQ P2PE-HW: Patience, POIs and PIMs
January 15, 2013, Dan Fritsche, Practice Director, Coalfire Labs
The new PCI SAQ P2PE-HW (Point to Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many merchants are excited about the prospect of a shorter, less arduous compliance validation effort. After all, it’s significantly shorter than the SAQ-D; instead of 12 sections, there are 4, and 284 controls are reduced to 19.
P2PE Hybrid, the next best thing since the Prius
January 07, 2013, Dan Fritsche, Practice Director, Coalfire Labs
P2PE promises many things, the most coveted being scope reduction for the merchant and a shifting of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce the risk of compromise for a merchant as well as reduce the scope of what must be done to maintain compliance with the PCI DSS.
What “Dexter Malware” tells us about the future of POS security (It might just be P2PE)
December 20, 2012, Dan Fritsche, Practice Director, Coalfire Labs
The recently announced Dexter malware is targeting POS systems and, once in, it collects sensitive credit card data and surreptitiously sends it off to attackers. While the details of this particular attack are not yet available, this is not the first time this general approach has been exploited.