Tags Archivespayment processing

Visa Releases Data Field Encryption Guidance standard

Earlier this week Visa, Inc. released a best practice bulletin on data encryption that details five security goals1, and thirteen best practices that companies can implement to meet them. The five goals as listed in the bulletin are: Limit cleartext availability of cardholder data and sensitive authentication data to the point of encryption and the point of decryption. Use robust key management solutions consistent with international and/or regional standards. Use key-lengths and cryptographic algorithms consistent with international and/or regional standards. Protect devices used to perform cryptographic operations against physical/logical compromises. Use an alternate account or transaction identifier for business processes that requires the primary account number to be utilized after authorization, such as processing of recurring payments, customer loyalty programs ...

Continue Reading

MerchantWARE Goes Blackberry, and the story of the unvalidated payment application standard

The Merchant Maven posted a release about Merchant Warehouse’s new Blackberry version of MerchantWARE, following in the footsteps of the apparently successful iPhone application.  This new trend is yet another example of a need for good moble payment security. While the software company states that the application complies with both PCI DSS and PABP, it is not listed on the official Validated Payment Application list as either validated under PABP or PA-DSS.  That only means that they have not had an assessment performed and paid the required fees to get it listed on the site. Acquirers are wary of Point of Sale (POS) vendors and POS implementers, all because of a few bad apples.  The restaurateur is at a particular ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!