+44 (0)20 7877 0060 contact@2-sec.com
Select Page

Archive

As I’m sure you already know, PCI DSS v3.1 introduces a single change to replace “SSL” with “strong cryptography” in section 4.x. Whilst it might be a single change in PCI DSS, it literally means hundreds of thousands of HTTPS web pages around the world need their underlying web servers reconfiguring to use strong encryption. […]

Why is POODLE and SSL v3 a problem?

Why is POODLE and SSL v3 a problem?

As I’m sure you already know, PCI DSS v3.1 introduces a single change to replace “SSL” with “strong cryptography” in section 4.x. Whilst it might be a single change in PCI DSS, it literally means hundreds of thousands of HTTPS web pages...
Third Party Security Assurance for PCI DSS

Third Party Security Assurance for PCI DSS

Almost 2 years ago, 2-sec founded the PCI SSC’s Third Party Security Assurance SIG, following the PCI SSC Community Meeting in Dublin. The aim of the SIG was to incorporate third party security assurance guidance into PCI DSS v3.0 and to produce an information...
Target and Trustwave sued over data breach

Target and Trustwave sued over data breach

News hit the wire today that Target’s acquiring banks have issued another lawsuit against Target, including Trustwave as a co-defendant.  This time the banks are trying to recover some costs incurred from Target’s managed data security services provider,...
The SAQ-A-EP Apocalypse

The SAQ-A-EP Apocalypse

The PCI SSC recently announced the new PCI DSS v3.0 Self Assessment Questionnaires (SAQs).  Of particular interest was SAQ-A-EP, that has enshrined Visa Europe’s original guidance on securing Hosted Payment Pages (HPPs) into PCI DSS v3.0. This of course is a...
Your data’s safe with us…

Your data’s safe with us…

I was visiting an airline site today, and when prompted to enter my credit card details to book the flight, and whether or not I wanted to store my card details for future transactions, saw the note: “It’s safer to store your payment card details in our...