
-
Wawa Suffers Massive Data Breach – Estimated 30 million sets of cardholder data affected
We recently posted a blog ‘New Year, Old Threats’ and only a few weeks later another new card data breach involving old attack methods has come to light. The Wawa chain of convenience stores in the US announced it had been the victim of card data skimming malware on its point-of-sale (POS) systems at all […]
-
Compliance in Christmas
With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically. With the increase in the volume of […]
-
Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?
The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]
-
5 ways to reduce your PCI DSS scope
Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve. So, it should be no surprise that scope reduction is one of […]
-
PCI DSS: Pros and Cons of Outsourcing
In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and transmitting of cardholder data (CHD)? Let’s look at the benefits and disadvantages of outsourcing. Pros of outsourcing: reduction of scope and in-scope processes. Any […]
-
To store or not to store? That is the multimillion-dollar (fine) question.
This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it. Furthermore, if you do need it, make sure that you know everywhere it is […]
-
PCI DSS – The devil is in the…….diagrams
When looking at the key success criteria for any PCI compliance programme, there is no disputing the importance attached to accurately scoping the cardholder data environment (CDE). Within this blog, we are not going to delve into the murky depths of why a network component may be in or out-of-scope (thank goodness I hear you say), […]
-
Vulnerability assessment vs. Penetration testing
Vulnerability assessment vs. penetration testing: can things go wrong? There seems to be a market trend to offer a vulnerability assessment and package it as a penetration testing exercise. Both are security controls in ISO/IEC 27001:2013 Annex A, and both have distinct purposes and deliverables. In addition, they both feature quite heavily within the […]