The Perils of Relying on P2PE

August 21, 2018 • Published Categories PCI 101Tags , , ,
P2PE is no security silver bullet!

Point-to-point Encryption (P2PE) is an awesome tool for securing retailers’ payment card data. ControlScan highly recommends it in every environment where it’s feasible and cost effective to do so. (We operate security infrastructure in many retail environments with integrated POS systems, where P2PE is either … Read more

EMV is Not a Security Technology

July 1, 2015 • Published Categories Best Practices, UncategorizedTags , , , , ,

What? You are probably aware that chip cards (EMV) will ultimately replace magnetic stripe cards. You are also likely aware that if your business accepts credit cards then you must be able to accept EMV cards by October, 2015, or you may have to pay … Read more

PCI DSS v3.1 and SSL: What you should do NOW.

March 5, 2015 • Published Categories Best PracticesTags , , , , , , , , , ,

12/21/15 Update: The PCI SSC is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher). Learn more here.  4/15/15 Update: The PCI SSC released PCI DSS v3.1 on its … Read more

“Is it OK to enable remote access to my back office PC?”

September 4, 2014 • Published Categories PCI 101Tags , , , , , , , , , ,

Question: Is LogMeIn PCI Compliant for a restaurant back office PC? I heard that leaving an open connection is not compliant. Answer: A remote access program such as LogMeIn can be PCI compliant; however, it must be securely implemented using multiple factors of authentication to … Read more

3 Basic Ways to Avoid PCI Paralysis

June 10, 2014 • Published Categories PCI 101Tags , ,

Combat security threats while achieving PCI compliance. Over the past several months, a barrage of news stories and opinion pieces has sent a worrisome message: The payment security war is being lost because PCI standards are failing us. This defeatist belief that the hackers have … Read more