October 10, 2019 •
As of last week—October 1 to be exact—all new assessments for protection of payment card personal identification number (PIN) data must be performed against the latest Payment Card Industry (PCI) PIN Security Requirements and Testing Procedures, version 3.0. The now-effective PCI PIN Security Standard includes changes to requirements and sunset dates that may have a […]
Encryption • Payment Security • PCI Compliance
August 13, 2019 •
A new exploit known as e-commerce skimming is making the rounds. The PCI SSC recently released a blog warning of the growing threat of digital skimming, followed immediately by a bulletin from Visa warning of the same. There are three important areas to consider that will help protect your website from e-commerce skimming.
Coronavirus • Payment Security • Website Security
June 28, 2019 •
Late in the day on a recent Friday, a new customer began installation of the ControlScan Managed Detection and Response (MDR) service to their end user systems. This customer is an SMB (small to mid-sized business) that relies on personal computers to keep their business running. Sound familiar?A few hours after the customer’s implementation was complete—at 12:05 a.m. Saturday to be exact—our MDR service blocked an attempted execution of malware that was present on one of their remote office computers.As it turns out, this active malware had been on the remote office machine since October 2018. With each user login, the malware was executing and performing data harvesting, as well as making attempts at lateral movement and propagation.
Active Monitoring • MDR
March 20, 2019 •
Counterfeit payment cards, stolen payment cards, use of an assumed identity to complete a credit card application… these are easily-recognizable examples of payment card fraud. When a fraud incident occurs in the retail setting, it’s often contained with only small losses occurring to the merchant involved. But what happens when a payment card data breach occurs at that same business? Are its causes and consequences basically the same?
Payment Security • Point of Sale
November 15, 2018 •
Security automation is a hot topic these days, mainly because it’s become humanly impossible to keep up with the sheer volume and variance of cyber threats hitting organizational IT networks at any given time. Even with the best security defenses in place, sooner or later an attacker is going to get through. The goal, of course, is to discover the attack and mitigate it as quickly as possible—and that’s where security automation can be extremely valuable.
Active Monitoring • MDR
November 5, 2018 •
Here at ControlScan, a big part of our day-to-day lifestyle is knocking down threats and cyberattacks for our customers’ businesses as well as our own. Cybersecurity is where we live, so sometimes we lose sight of the fact that none of this makes any sense to a non-technical person. One topic we field a lot of questions on is event correlation. Let’s take a look at what it is and how it positively impacts your cybersecurity efforts.
Endpoint Security • MDR • Ransomware
October 31, 2018 •
Once an obscure processing model for special situations, the business of payment facilitation is now burgeoning. There are many benefits to becoming a payment facilitator, including increased control over the user experience. Unfortunately, the same qualities that serve as benefits often raise the payment facilitator’s PCI risk.
October 2, 2018 •
There’s a lot of buzz in the marketplace these days around SIEM, which is Security Information and Event Management. I’ve had people tell me that their SIEM technology isn’t of much use, and others tell me that it’s critical to their business’s everyday security posture. The vast difference between those two is usually the same thing, which is how the related tools are deployed, and what the staff around them looks like.
Active Monitoring • MDR • SIEM
August 16, 2018 •
In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. We’ve identified the number one reason businesses fail their PCI QSA audit, and it’s not what you may think.