Author Archives: Viviana Wesley

PCI Deadline is Fast Approaching on June 30, 2018

by Viviana Wesley PCI QSA, ISO 27001 Auditor – Managing Consultant, Governance & Compliance Services Cyber security is a moving target.  The technology and policies that kept users, devices and data safe at one time are eventually compromised at some point by the growing skills of cybercriminals and technology itself.  This is one of the reasons […]

Clarifying the new PCI DSS 3.2 Requirements for Service Providers

By Viviana Wesley, PCI QSA, ISO 27001 Auditor The process of securing cardholder data is a shared responsibility amongst multiple parties that play a role in the card transaction process. They include merchants, processors, acquirers, backup tape storage facilities, issuers and service providers just to name a few. All of these entities play a part in […]

PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography

Author: Viviana Wesley, PCI QSA In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon.  The change is related to vulnerabilities seen with Secure Socket Layer cryptography.

PCI Council Changes the Rules for PA-DSS Minor Changes

The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regards to the definition of a “minor change” and what it means to Payment Application Vendors.  Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed […]

OWASP “Cheat Sheets”

Organizations that must achieve and maintain PCI DSS compliance often have difficulty implementing or redesigning web applications to align with the OWASP Top 10.  Raul Siles, an OWASP contributor and SANS ISC Handler, has recently posted a OWASP “cheat sheet” for web application session handling that may be useful when designing and/or reviewing web application sessions, […]