Encryption - Cyber Security Informer

Just Published: P2PE v3.1

PCI perspectives

SEPTEMBER 30, 2021

Today, the PCI SSC published a minor revision to the PCI Point-to-Point Encryption (P2PE) ®?Standard. We talk with Mike Thompson, Senior Manager of Emerging Standards and the Chair of the PCI Council’s P2PE Working Group, about some of these changes.

Encryption

Q&A on the Optional P2PE Solution Inventory Template

PCI perspectives

APRIL 21, 2021

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals even if stolen in a breach. PCI P2PE Solutions are those that have been validated as meeting the rigorous security requirements of the PCI P2PE Standard and are listed on the PCI Security Standards Council (PCI SSC) website.

Encryption

Encryption Technology

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Thales Cloud Protection & Licensing

NOVEMBER 20, 2023

The Indispensable Role of End-to-End Encryption in the Age of Mobile Wallets Mobile wallets and online transactions are now as commonplace as physical cash transactions. Today, using Point-to-Point Encryption (P2PE) isn't just a luxury; it's a necessity. For retailers, this poses a two-pronged challenge.

Retail

Retail Cybersecurity Financial Services Mobile

Is Your Chip Card Secure? Much Depends on Where You Bank

Krebs on Security

JULY 30, 2020

Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip. The technology causes a unique encryption key — referred to as a token or “cryptogram” — to be generated each time the chip card interacts with a chip-capable payment terminal.

Banking

Banking Malware Encryption Accountability

Leveraging tokenization services from the major card brands

Thales Cloud Protection & Licensing

MARCH 29, 2018

In the recent Thales eSecurity eBook, ‘ PCI Compliance and Data Protection for Dummies ’, we cover the main technologies that can be used, such as encryption and tokenization, to help with such efforts in protecting the payment prior to a successful authorization and secure storage of selected elements afterwards.

Data breaches

Data breaches Encryption Mobile IoT

Hardware security still essential at the heart of the payments infrastructure

Thales Cloud Protection & Licensing

SEPTEMBER 6, 2018

Through the PCI documentation they have deemed that using software-based cryptography for all of these tasks could result in: Malware used to capture keys and sensitive data from server memory; Manipulation of PIN blocks in transit; and, The compromise of key-encrypting keys (used to secure cryptographic zones).

Mobile

Mobile Software Encryption Risk

Request for Comments: P2PE v3.1 Draft Standard

PCI perspectives

MAY 18, 2021

P2PE Assessors and Participating Organizations are invited to provide feedback on the draft P2PE v3.1 Standard minor revision during a 30-day request for comments (RFC) period running from 18 May through 17 June 2021. Standard minor revision published in March 2021.

Encryption

Reduced Certification Requirements for PA-QSA Secure Software Assessor Candidates until 30 June 2021

PCI perspectives

MARCH 30, 2021

When the Payment Application Data Security Standard (PA-DSS) v3.2 closes on 28 October 2022, it will be superseded by the Secure Software Standard and Program, which is part of the PCI Software Security Framework (SSF).

Software

Software Encryption

Request for Comments: PCI P2PE v3.1 Standard

PCI perspectives

APRIL 4, 2023

P2PE Assessors, P2PE Application Assessors, Qualified PIN Assessors, Qualified Security Assessors, and Participating Organizations are invited to provide feedback on the currently published P2PE v3.1 Standard during a 30-day request for comments (RFC) period running from 4 Apr 2023 through 4 May 2023.

Encryption

Assessors: Prepare for the Closure of PA-DSS

PCI perspectives

SEPTEMBER 29, 2022

On 28 October 2022, the Payment Application Data Security Standard (PA-DSS) and Program will close and will be replaced by the PCI Secure Software Standard. To prepare for this transition, assessors should be aware of the following information:

Software

Software Encryption

Point-of-Sale (POS) Security Measures for 2021

eSecurity Planet

FEBRUARY 8, 2021

Massive point-of-sale (POS) breaches continue to make headlines on a regular basis, and they can have a significant impact on consumers’ trust in a company and its brand. It’s a tough time to be a retailer. vSkimmer malware, a successor to Dexter, dates back to 2013. vSkimmer malware, a successor to Dexter, dates back to 2013.

Retail

Retail Encryption Malware Artificial Intelligence

Cyber Security Informer

Just Published: P2PE v3.1

Q&A on the Optional P2PE Solution Inventory Template

Trending Sources

Black Friday and Cyber Weekend: Navigating the Tumultuous Waters of Retail Cybersecurity

Is Your Chip Card Secure? Much Depends on Where You Bank

Leveraging tokenization services from the major card brands

Hardware security still essential at the heart of the payments infrastructure

Request for Comments: P2PE v3.1 Draft Standard

Reduced Certification Requirements for PA-QSA Secure Software Assessor Candidates until 30 June 2021

Request for Comments: PCI P2PE v3.1 Standard

Assessors: Prepare for the Closure of PA-DSS

Point-of-Sale (POS) Security Measures for 2021

Stay Connected