Category: Blogs

Blog Understand and Implement Effective PCI Data Security Standard requirements by choosing a good standing Qualified Security Assessor (QSA) recognized by PCI-SSC Council in order to combat card data breaches. With a recent global card data breaches resulting into fraud of $45 million, impacting many Indian and International bank, which is said to be linked… Continue reading How to Combat Card Data Breaches?

Starting without understanding the PCI Environment Started the assessment with PCI checklist, Good! But it can lead to disaster if assessment has been started without understanding the environment, business process, network infrastructure and most important – cardholder data flow. Understand the requirements: The first step to ensuring PCI DSS compliance is to understand the requirements.… Continue reading Reasons Why Your PCI Compliance May Fail (and How to Fix It)

Blog I have been seeing a number of articles and television channels flashing news about how credit cards have been misused in many places. This one on a leading national newspaper is an example – In 12 hours, Mumbai woman’s credit card used in 4 continents. When it comes to payment card security, one should… Continue reading Have Indian Companies Got It Right On Payment Card Security?

Blog Today our small devices like phone, tablets and note books works on open source operating systems and these devices are capable of doing most of the work that we used to do on Desktops and laptops. The Next Generation of open operating system (iOS and Android) won’t be on desktops or mainframes but on… Continue reading Android, is it Secure?

Blog Those were old days when you have to take out your wallet and pay by cash. Plastic money has brought a revolution in payment Industry, now it is time to wave your mobile phone to make payments. Near field communication (NFC) is establishing a new milestone in Payment Industry. NFC contactless payment is a… Continue reading NFC payment – New milestone in Payment Industry

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to protect cardholder data. If your business processes, stores, or transmits credit card data, you are required to comply with PCI DSS. One way to achieve PCI DSS compliance is to outsource it to PCI Compliance service provider or… Continue reading How to Choose the best PCI Compliance Service Provider

Blog Unfortunately, hope is not a plan, so organizations look to standards bodies like ISO, OCTAVE, PCI DSS, NIST, etc for guidance on security best practices. But choosing a best practices standard or framework to follow is its challenge. There are many of them and many factors to evaluate, including the standards’ similarities to existing… Continue reading Comparison between ISO 27005, OCTAVE & NIST SP 800-30

Blog The Payment Card Industry Data Security Standard (PCI DSS for short) requires that card numbers are not transmitted insecurely and are not displayed to  most users unmasked. Naturally a network monitoring system such as an IDS or an IPS seems like a natural enforcement system to ensure that such information is not sent against… Continue reading Detecting Card Numbers

Blog Social engineering attacks refers to the infringement of organizational security by influencing employees into exposing confidential information. Its main tool is the use of psychological tricks to attain an employee’s trust, instead of technical practices. Social engineering comprises frauds such as obtaining a password by acting as an employee or leveraging social media platforms… Continue reading Combat social engineering attacks with these mantras

Blog WAF (Web Application Firewall) plays an integral role in securing the Web Applications as WAF can mitigate risks and offers protection against a wide-range of vulnerabilities. This is why many organizations have implemented WAF solutions in their infrastructure. Implementation of web application firewall is just not the solution for resolving the security problems that… Continue reading Identifying Web Application Firewall in a Network