Ed Boris

~ Expert in digital transformation

Category Archives: Security

DROPbox?

22 Wednesday Oct 2014

Posted by Edouard Boris in Cloud, Security


Tags

cloud, security

Terrible publicity for Dropbox. It started with an article on the 11/10 in which Edward Snowden said “Get Rid Of Dropbox, Avoid Facebook And Google.”

Today brings yet more bad news from Dropbox: “An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox.”

Consider using SpiderOak

Is your online retailer or Service provider keeping their Payment Card Industry certification up to date?

11 Friday Jul 2014

Posted by Edouard Boris in Cloud, Payment, Security


Tags

cloud, payment, PCI, saas, security

Several weeks ago, I wrote about PCI certification. A certification is valid for one year and therefore needs to be renewed.

Visa maintains the registry at http://www.visa.com/splisting/searchGrsp.do

According to Visa:

“For service providers published on the Registry, if Visa does not receive the appropriate revalidation documents:

  • Within 1 – 60 days upon expiry of the validation documents, the service provider will be highlighted in Yellow on the Registry.
  • Within 61 – 90 days upon expiry of the validation documents, the service provider will be highlighted in Red on the Registry.
  • After 90 days, the service provider will be removed from the Registry.”

Whether you shop online or have outsourced your online payments to an external provider, it might be worth periodically checking the online status of their PCI certification.

PCI, the Payment Card Industry Data Security Standard: only 11.1% of companies met all the demands of DSS 2.0 in 2013

27 Thursday Mar 2014

Posted by Edouard Boris in Payment, Security


Tags

PCI


Hi there,

A couple of weeks ago, I updated you on the risk of PCI not being prescriptive in terms of governance.

The new report published by Verizon is really worrying: in 2013, only 11% of companies met 100% of the security standard's requirements.

What is PCI? “The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment”. (Source)

The report highlights a significant improvement from 2012, when 7.5% of companies were fully compliant. Really? Is that significant? This is absolutely terribly low.

PCI requires that some routine and periodic tasks be performed. Frequencies range from monthly and quarterly to biannual and annual.

  • For example, only 39.6% of companies complied with control 11.3.a (Perform external and internal penetration testing at least once a year).
  • Another example: 68.9% of companies met all the demands of Requirement 3 (Protect stored cardholder data) in 2013. Really?

Visa Europe provides up-to-date information on PCI compliance; you may want to check it out before your next online purchase.

You can also check the PCI merchant list at https://www.visamerchantagentslist.com/

PCI 3.0 was released in November 2013 and still does not address continuous controls. What do you call a child who does not work during the year and just waits for the final exam?
