Tag Archives: PCI

EMV (Europay, MasterCard, Visa): THE COMING SHIFT IN LIABILITY

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

‘Chip and PIN’, or EMV (“Europay, MasterCard, Visa”), is an open-standard set of specifications for smart card payments and acceptance devices and is a popular topic these days with HALOCK’s PCI clients. EMV is not a PCI requirement. However, there is a ‘liability shift’ in October 2015 that […]

How To Find The Right QSA

If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated.  The stakes have never been higher for large organizations that process payments.  With major data breaches constantly in the headlines like Target, Home Depot, JP Morgan Chase and countless […]

PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography

Author: Viviana Wesley, PCI QSA

In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon. The change is related to vulnerabilities seen with Secure Sockets Layer (SSL) cryptography.

PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized

Author: Viviana Wesley, PCI QSA

Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal […]

Network Penetration Testing: What’s the Ideal Frequency to Conduct Pen Tests?

Some companies test once a year. Some test several times a year. So what frequency is correct for your organization? Well, that all depends on how frequently your environment changes and other unique factors affecting your organization. When determining how often to conduct network penetration tests, consider the following:

Darrell Issa Just Learned the Difference Between Compliance and Security. Let’s Hope for a Payoff.

Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems.

Some Mortgage Lenders May Be Putting Sensitive Financial Data At Risk, Finds HALOCK

FOR IMMEDIATE RELEASE

HALOCK Investigation finds that over 70% of mortgage lenders may be putting sensitive financial data at risk through their application processes

Schaumburg, IL, January 29, 2014: Cybersecurity firm HALOCK Security Labs found many of the nation’s large and small mortgage lenders allow for information sharing practices that may put applicants’ personal and […]