Anonymous :anarchism: 🏴 · @YourAnonRiots
5797 followers · 36086 posts · Server mstdn.social

💳PCI DSS 4.0 Requirements 9 and 10 focus on managing access to cardholder data, including physical access limitations and logging and monitoring all access.

Shubhra Deo and Ross Moore provide insight into the requirements.⤵️

hubs.la/Q01WcTFq0

#infosecurity #Data #pcidss

Last updated 1 year ago

Anonymous :anarchism: 🏴 · @YourAnonRiots
5797 followers · 36084 posts · Server mstdn.social

PCI DSS 4.0 has updated Requirements 11 and 12 to prioritize regular security testing and organizational policies to support information security.

Angus Macrae and Dimitris Georgiou break down the revised directions.⤵️

hubs.la/Q01WHPHT0

#compliance #infosecurity #pcidss

Last updated 1 year ago

Kevin Karhan :verified: · @kkarhan
1024 followers · 63255 posts · Server mstdn.social

@me I mostly install @ubuntu LTS because I need the plannability of .

And before any rep wants to sell me anything I want to see a Commitment to and on-premise...

Because I need to comply with , , & Standards constantly...

#bsi #pcidss #gdpr #bdsg #Maas #onpremise #Landscape #canonical #ubuntults

Last updated 1 year ago

Anonymous :anarchism: 🏴 · @YourAnonRiots
5563 followers · 34605 posts · Server mstdn.social

In this blog, Tripwire's David Bruce discusses some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0, with guest experts Shubhra Deo, Angus Macrae, and Funso Richard.

tripwire.com/state-of-security

#compliance #pcidss

Last updated 1 year ago

Kevin Karhan :verified: · @kkarhan
943 followers · 53931 posts · Server mstdn.social

@lilianedwards AFAIK is stricter than what Italy has on a national level, tho is stricter than even , & together...

#pcidss #HIPAA #coppa #bdsg #gdpr

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
912 followers · 50402 posts · Server mstdn.social

@infosec_jobs that one cannot nor make it with since is part of the program and also falls under ?

I'm not even sure they can comply with 4.0

OFC...

#notlegaladvice #pcidss #cloudact #prism #Amazon #gdpr #compliant #AWS #secure #whatifitoldyou

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
898 followers · 48815 posts · Server mstdn.social

@schrottkatze Yes.

They use as and store passwords in .

Because that's the only logical reason they'd not demand 32+ characters with uppercase, lowercase, numerals and symbols, as well as denying CamelcaseSpeak and checking for words in realtime...

And yes, and don't have any "password security" demands whatsoever...

#psd2 #pcidss #plaintext #backend #sap

Last updated 2 years ago

Megawatt · @Megawatt
17 followers · 107 posts · Server infosec.exchange

Although I don’t focus on anymore, it still bugs me to see forms like this asking the customer to write down their CVV2.

#pcidss

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
726 followers · 34053 posts · Server mstdn.social

@funnygodmother SHIT LIKE THIS is why there's actual in like & .

If a citizen and/or resident were affected, they'd be out paying huge fines if not facing prison in for gross neglect.

That being said, the only "data protection" that exists in the is & - the latter one only applying to providers and -data.

#Healthcare #HIPAA #pcidss #USA #EU #gdpr #bdsg #Germany #laws #dataprotection

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
710 followers · 32545 posts · Server mstdn.social

@survey I can accept if it complies with , , , and standards and doesn't do analytics or telemetry without my explicit opt-in consent.

Unlike and his cult followers I do understand that not everything can be licensed under (i.e. due to and of them) and at the end of the day, those coding need to pay their electricity bill, eat and have some warm place to sleep in.

#licensing #patents #gplv3 #Stallman #bsi #HIPAA #pcidss #bdsg #gdpr #ccss

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
710 followers · 32544 posts · Server mstdn.social

@timforgot @TomLarrow Still they should be solely optional.

IDC what kind of fancy stuff one does with it:
I want to be able to REJECT ALL even if it makes the site look like shit.

Anything else would be supporting a bloated and ableist web!
youtube.com/watch?v=c_v2_vTogS

Whereas is something that is kinda essential: Not because will REQUIRE it for any online store, but because in the era of there is no reason for any business not to deploy it.

#letsencrypt #pcidss #ssl

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
707 followers · 31778 posts · Server mstdn.social

@allenholub *nods in agreement*

That's why I yeet Windows machines out of the Window:
Microsoft's bloated tech stack is costly, slow and doesn't even comply with basics like , & ...

#pcidss #bdsg #gdpr

Last updated 2 years ago

5h15h · @shish
83 followers · 387 posts · Server techhub.social

In this Document Library, you can find specifications, tools, measurements, and support resources to ensure the safe handling of cardholder information pcisecuritystandards.org/docum

#retailers #cybersecurity #retail #pentest #pcidss #mobilepayments #Payments

Last updated 2 years ago

Jeff Man · @mrjeffman
478 followers · 53 posts · Server infosec.exchange

@jbhall56 in the future (after 31 March 2025) will entities need to perform both an unauthenticated and authenticated internal vulnerability scan or just an authenticated scan according to .0???

#pcidss #v4

Last updated 2 years ago

Mika Rautio · @mrautio
45 followers · 125 posts · Server infosec.exchange

"Secure payments over VoIP calls in the cloud" - talk had some details on how to implement a PCI DSS compliant VoIP solution using AWS (IaaS), Kamailio & Sipwise rtpengine

#fosdem #pcidss #voip

Last updated 2 years ago

Kevin Karhan :verified: · @kkarhan
577 followers · 21340 posts · Server mstdn.social

@sindastra @clarity99

Which is what I explicitly want, as I have to comply with , , and other regulations & be able to enforce "need to know" and name every user that may or may not have access to said vaults...

And no, German laws don't care if something is encrypted or not when it comes to sharing data, so I enforce strict policies and refuse to use services and tech that don't enable me to enforce said policies.

#pcidss #bdsg #gdpr

Last updated 2 years ago

Mika Rautio · @mrautio
45 followers · 117 posts · Server infosec.exchange

AWS managed to PCI PIN certify their CloudHSM as the first one of the big cloud service providers. Awesome feat! Next up PCI P2PE?

aws.amazon.com/blogs/security/

#pcipin #pcidss #aws #hsm

Last updated 2 years ago

Mika Rautio · @mrautio
43 followers · 102 posts · Server infosec.exchange

A support person recently requested the last 8 digits of my debit card number from me in a customer support phone call. That makes the debit card number easily guessable. With this debit card's primary account number (PAN) being 16 digits, the first six digits (bank identification number, BIN) are guessable, so that leaves only two digits between an attacker and trivially discovering the whole PAN...

1) Knowing that the company could have used other identifiers to reliably identify the debit card or customer, I don't really get why they decided that asking for the last 8 digits is the best way to handle their support case.

2) PCI DSS has a sort of loophole here, as phone lines can be considered 'private' (i.e. no cryptography or other relevant protection means required) and many card data protection requirements relate to data storage. So asking for the last 8 digits is still likely PCI DSS compliant, even though it is not the most secure option for handling the support case...

#pcidss

Last updated 2 years ago
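To put numbers on the "two digits away from the whole PAN" point in the post above, here is an added example (written for this page, not code from the poster or from the PCI SSC). It enumerates every 16-digit PAN that agrees with a known 6-digit BIN and a disclosed suffix, then keeps only the ones that pass the Luhn check that card numbers carry as their last digit. Because the Luhn check digit is part of the disclosed suffix, it also constrains the unknown digits: with 2 unknown digits only 10 of the 100 combinations survive, and the example generalizes the same count to the first-six/last-four exposure that PCI DSS permits for display, where 10^5 candidates remain. The sample PAN is the well-known Visa test number, constructed for the demo and not a real card; the 16-digit length and 6-digit BIN are taken from the post.

```python
"""
Count the full card numbers (PANs) consistent with a partial disclosure,
to quantify how much "first 6 + last 8" leaks versus "first 6 + last 4".

Added example for this page; the PAN below is the public Visa test
number 4111 1111 1111 1111 (constructed input, not a real card).
"""
from itertools import product
from typing import Iterator


def luhn_valid(pan: str) -> bool:
    """Standard Luhn mod-10 check used by payment card numbers.

    Walking from the right, every second digit (starting with the
    second-from-right) is doubled, and digit sums above 9 are reduced
    by 9. The PAN is valid when the total is a multiple of 10.
    """
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def candidate_pans(known_prefix: str, known_suffix: str, length: int = 16) -> Iterator[str]:
    """Yield every PAN of the given length that starts with known_prefix,
    ends with known_suffix and passes the Luhn check.

    The digits between prefix and suffix are brute-forced; the Luhn
    check (whose check digit sits inside known_suffix) discards 90 %
    of the raw combinations, since for any fixed values of the other
    unknown digits exactly one value of the last unknown digit makes
    the total a multiple of 10.
    """
    unknown = length - len(known_prefix) - len(known_suffix)
    if unknown < 0:
        raise ValueError("prefix and suffix overlap")
    for middle in product("0123456789", repeat=unknown):
        pan = known_prefix + "".join(middle) + known_suffix
        if luhn_valid(pan):
            yield pan


def count_candidates(known_prefix: str, known_suffix: str, length: int = 16) -> int:
    """Number of Luhn-valid PANs an attacker still has to choose between."""
    return sum(1 for _ in candidate_pans(known_prefix, known_suffix, length))


if __name__ == "__main__":
    pan = "4111111111111111"          # constructed: public Visa test PAN
    assert luhn_valid(pan)
    bin6 = pan[:6]                    # 6-digit BIN, assumed known as in the post

    # The case from the post: BIN known, last 8 digits read out over the phone.
    print("BIN + last 8 ->", count_candidates(bin6, pan[-8:]), "candidate PANs")

    # The masking PCI DSS permits for display: first 6 and last 4.
    print("BIN + last 4 ->", count_candidates(bin6, pan[-4:]), "candidate PANs")
```

Running the block prints 10 for the phone-call case and 100000 for the first-six/last-four case (the second count enumerates a million strings, so it takes a few seconds). The first number is the practical argument behind the post: with the BIN known, an attacker who hears the last 8 digits needs at most ten guesses to recover the whole PAN, and the Luhn check does that pruning for them.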