Author Archives: Viviana Wesley

PCI Deadline is Fast Approaching on June 30, 2018

by Viviana Wesley PCI QSA, ISO 27001 Auditor – Managing Consultant, Governance & Compliance Services Cyber security is a moving target.  The technology and policies that kept users, devices and data safe at one time are eventually compromised at some point by the growing skills of cyber criminals and technology itself.  This is one of […]

Clarifying the new PCI DSS 3.2 Requirements for Service Providers

By Viviana Wesley, PCI QSA, ISO 27001 Auditor The process of securing cardholder data is a shared responsibility amongst multiple parties that play a role in the card transaction process. They include merchants, processors, acquirers, backup tape storage facilities, issuers and service providers just to name a few. All of these entities play a part in […]

PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography

SSL No Longer Considered Strong Cryptography Author: Viviana Wesley, PCI QSA In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon.  The change is related to vulnerabilities seen with Secure Socket Layer (SSL) cryptography.

PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized

Author: Viviana Wesley, PCI QSA Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal […]

PCI Council Changes the Rules for PA-DSS Minor Changes

The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regards to the definition of a “minor change” and what it means to Payment Application Vendors.  Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed […]

OWASP “Cheat Sheets”

Organizations that must achieve and maintain PCI DSS compliance often have difficulty implementing or redesigning web applications to align with the OWASP Top 10.  Raul Siles, an OWASP contributor and SANS ISC Handler, has recently posted a OWASP “cheat sheet” for web application session handling that may be useful when designing and/or reviewing web application sessions.