Comments for Payment Systems Blog

Comment on SSL / VPN / Direct Connection connecivity options by Patrick

Patrick — Sat, 19 Nov 2011 16:52:57 +0000

My message requests are in the byte size range but number very high. SSL would greatly increase the message size (with Cert exchanges) as well as require massive hardware to handle encryption/decryption.

Comment on Transaction Types 101 by On-Line Strategies

On-Line Strategies — Wed, 02 Nov 2011 14:47:53 +0000

Thanks David – great resource to clarify these terms.

Comment on International Merchants with EMV no longer need to have PCI Compliance validated by Josh G.

Josh G. — Wed, 21 Sep 2011 14:19:48 +0000

Nice to hear that, Visa is rewarding investments in EMV and Card Authentication with a potential of lower PCI compliance costs. I am aware of another such service provider with global scalability and easy to integrate security services globally.

TeleSign INC offers two-factor authentication which has already processed more than 1 billion transactions while maintaining enterprise-level uptime. TeleSign’s solution is fully redundant on all hardware, network, and telecommunications layers.

As a global leader in phone-based authentication and verification services TeleSign has coverage in more than 200 countries and 50 languages. I would suggest you to please visit http://www.telesign.com for more details about their products.

Comment on Free tools to Find Cardholder Data for PCI or PABP by ControlCase

ControlCase — Tue, 05 Jul 2011 10:15:06 +0000

ControlCase is providing a FREE tool for finding card data. Go to http://cdd.controlcase.com/cdd/downloads/ to download

Comment on Free tools to Find Cardholder Data for PCI or PABP by Ron

Ron — Fri, 10 Jun 2011 04:27:37 +0000

I tried the Card Recon download link but found it has moved. Updated link: http://www.groundlabs.com/products/getfree

Comment on PIN Block Formats – The Basics by Moisés Guimarães

Moisés Guimarães — Wed, 25 May 2011 20:26:03 +0000

Hi David, nice blog.

What happens with the length of PIN in the ISO 3 format when it is bigger than 9? Does it goes to A, B, C… to allow PINs of 12 digits?

Comment on Free tools to Find Cardholder Data for PCI or PABP by Fred

Fred — Sun, 15 May 2011 12:10:51 +0000

A fast and low false-positive rate tool : PANBuster.

http://www.xmco.fr/panbuster.html

It’s free and it’s available for Windows and Linux.

Comment on Free tools to Find Cardholder Data for PCI or PABP by Gavin

Gavin — Tue, 15 Mar 2011 01:21:15 +0000

One tool not noted in the list is Card Recon Free Edition – http://www.groundlabs.com/crfe

Card Recon is very popular amoungst QSAs given it it purpose built for PCI.

Comment on Swiping the Card at a Customer’s location by Electronic Payment Gateway

Electronic Payment Gateway — Fri, 25 Feb 2011 18:56:25 +0000

Rewards programs have really come a long way!

Comment on LastPass.com asks to store CVV2 code for Automatic Form Filling by Merchant Services Online

Merchant Services Online — Sun, 06 Feb 2011 00:46:28 +0000

So, from what I understand if a merchant is using LastPass to store the passwords from their computer the would pass a PCI Audit right? Since they still have to log into the encrypted online service before it will auto fill the data. I personally love the tool even better now that they have acquired Xmarks so not only do you have all of your Passwords in a Password vault you also have a backup incase you loose the computer or it is destroyed in a fire or such.. The same goes for all your business related bookmarks such as important sites for day to day tasks. I have seen the credit card feature in the software I have not yet trusted to enter that data in just yet. My only other concerns would be if a cookie was collected in a coffee shop and then replayed by a hacker would they get into LastPass that has been my only fear about these types of solutions however I have been told that they have some type of encryption to protect against that too, where as other have not figured out how to protect the cookie passed through IP.