Common Mistakes on PAN Generation

The prime focus of the PCI DSS is on protecting the card number, also known as the PAN (Primary Account Number), besides the PIN and Track data (Chip and Mag Stripe). The standard allows the entity to store the PAN, whereas it prohibits storage of Track data and PIN, with exceptions for issuers of the card. For display the …

“SSL, It's over!” – PCI DSS v3.1

Finally, a minor version of the PCI DSS 3.0 standard (now version 3.1, after the v1.2.1 many years ago) has been released by the PCI SSC to address the vulnerable SSL/early TLS protocols, with the addition of a few clarifications of other requirements. PCI DSS v3.1 is effective immediately. PCI DSS v3.0 will be retired on 30 June 2015. Why suddenly a v3.1 …

QSA Chronicles – PCI-PTS vs PCI-DSS

It all goes really well when the assessment begins with the Issuing Section. You never seem to lose interest watching the Maticas churning away the fresh new cards, so much so that I take a moment to quietly stand in awe of how these card printers control a considerable chunk of the world economics. You return to the hotel thinking the …

The Castle Approach

Defense in depth broadly defines that security controls need to be deployed in all the layers of the OSI model, such that the vulnerabilities which may surpass the security controls in one layer do not transcend into the other layers. Well, the understanding of the above sentence largely depends on how well one understands the ISO OSI Model. Further …