PCI DSS – Page 2 – WindowsTechs.com

PCI-DSS Compliance: SSL Tunneling Credit Card Information Through A HTTPS Mobile/Residential Proxy Service to A Destination Service

Posted on August 2, 2023 by chukky arinze

If a PCI compliant service decides to SSL-Tunnel credit card information via an independent residential/mobile proxy service to a destination payment service, would this protocol still be PCI compliant?
Since the credit card information is… Continue reading PCI-DSS Compliance: SSL Tunneling Credit Card Information Through A HTTPS Mobile/Residential Proxy Service to A Destination Service→

Can I use GitHub and be PCI DSS 4.0 compliant?

Posted on June 26, 2023 by bbozo

Is it possible to use any remote DVCS (GitHub, Bitbucket, etc.) with PCI DSS or should I host Git on my own server?
The repo obviously doesn’t store any sensitive CHD information and I do have my own self-hosted git repo inside the PCI DSS… Continue reading Can I use GitHub and be PCI DSS 4.0 compliant?→

ChatGPT and data protection laws: Compliance challenges for businesses

Posted on June 20, 2023 by Mirko Zorz

In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that businesses can face if they betray customers’ trust. Thaine also discus… Continue reading ChatGPT and data protection laws: Compliance challenges for businesses→

How to Approach CVEs Marked as "DISPUTED" and "WON’T FIX" in PCI-DSS Pentest

Posted on June 16, 2023 by xpelican

When conducting penetration testing in a PCI-DSS compliance context, we found a known security vulnerability that’s identified by a CVE number.
In this case, the finding in question is CVE-2016-20012, which is marked on the CVE database as… Continue reading How to Approach CVEs Marked as "DISPUTED" and "WON’T FIX" in PCI-DSS Pentest→

Beyond MFA: 3 steps to improve security and reduce customer authentication friction

Posted on June 14, 2023 by Help Net Security

For many people, life’s fundamental activities are now conducted online. We do our banking and shopping online, turn to the digital realm for entertainment and to access medical records, and pursue our romantic interests via dating sites. That means ap… Continue reading Beyond MFA: 3 steps to improve security and reduce customer authentication friction→

PCI compliance – use of ANSI X9.17 for export keys

Posted on June 9, 2023 by MaXbeMan

we have a concern about a key export. We completed the migration to Key Block LMK in our environment (with HSM Thales 10K). Now, we have to exchange keys with third-parties that still use Keys in variant form. We generated the keys and for… Continue reading PCI compliance – use of ANSI X9.17 for export keys→

Encrypt communication between microservices in PCI DSS env

Posted on April 29, 2023 by Peter Penzov

I have a payment gateway application which will be used to process payment transactions hosted on Kubernetes cluster. Total of 4 microservices will be used to communicate using REST API and Kafka. Is it mandatory to use SSL/TLS encryption … Continue reading Encrypt communication between microservices in PCI DSS env→

Are you ready for PCI DSS 4.0?

Posted on April 26, 2023 by Help Net Security

In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). About PCI DSS PCI DSS comprises 12 requirements to protect payment card da… Continue reading Are you ready for PCI DSS 4.0?→

Companies carry unquantified levels of risk due to current network security approaches

Posted on April 7, 2023 by Help Net Security

40% of senior cybersecurity decision makers effectively prioritize risks to Payment Card Industry Data Security Standard (PCI DSS) 4.0 compliance, according to Titania. The study highlights that oil and gas, telecommunications, and banking and financia… Continue reading Companies carry unquantified levels of risk due to current network security approaches→

PCI requirements for iPaaS organisations

Posted on April 5, 2023 by newcube

My organisation acts as a b2b cloud integration platform essentially taking data from one SaaS API and posting it to another.
The data that is moved between the SaaS applications is end user configured, and as such we don’t know the conten… Continue reading PCI requirements for iPaaS organisations→