Friday, February 20, 2015

SSL no longer acceptable for data protection, PCI SSC says

The Payment Card Industry Security Standards Council (PCI SSC) has announced that no version of secure sockets layer (SSL) technology meets its definition of "strong cryptography." Accordingly, it will need to revise its Data Security Standard and Payment Application Data Security Standards.
According to a PCI press release, the announcement was based on finding by the National Institute of Standards and Technology that the Secure Socket Layers v3.0 protocol is no longer acceptable for protection of data due to inherent weaknesses within the protocol.
With no known way to remediate vulnerabilities in the SSL protocol, the PCI SSC is urging organizations to work with IT departments and partners to determine whether they are using SSL and what options they have for upgrading to a strong cryptographic protocol as soon as possible.
Once published, PCI DSS v3.1 will be effective immediately, however, affected requirements will be future-dated to allow organizations time to implement the changes.

Monday, February 09, 2015

First Data, Capgemini announce tech development partnership

According to Retail Customer Experience, "Payment technology firm First Data Corporation and Capgemini, provider of consulting, technology and outsourcing services, announced they have formed a global alliance to develop next-generation payment technology software using First Data's VisionPLUS and AccessPLUS solutions. According to the companies, this collaboration will leverage Capgemini's global vertical industry and payments expertise and First Data's suite of payments solutions."
Web Analytics