Every year the best hackers from all over China join a popular hacking event to showcase their best hacking capabilities. The event that goes by the name of Tianfu Cup, offers the opportunity for hackers to break into the latest devices and systems while using unique, never-seen methods.
Fimmick is a well-established Hong Kong marketing firm with office locations across China, they represent big clients such as McDonalds, Coca-Cola, and Shel. This firm has been the latest target by the known Russian ransomware organization which goes by the name of REvil.
A company’s worst nightmare consists of potential malicious threats and breaches to its customer database. Zero-day hacking attacks are done by outside parties by discovering and exploiting vulnerable software malfunction of which a vendor and his development team may not be aware.
PCI DSS has announced that it will be improving its security standards concerning payments done through mobile devices. Currently, there are two separate standards mandates, the first being software-based and working around PINprotection (SPoC)
Within the last two years, we have seen many storefronts migrate to a full eCommerce business, as well as other business types are required to provide online payment methods for their customer’s convenience and accommodation due to covid-19 restrictions. These companies that are now collecting customers’ personal information, along with payment information either over the phone or online are exposed to new potential breaches and threats due to the additional collection method.
By now everyone is adapting to the new 3DS 2.0 and MIT framework mandate which was introduced back in 2019. However, for some merchants, the 3DS 2.0 transaction flow continues to present challenges to their business processes. The most common concern we have received regarding the 3DS process is related to the BIN, while the roadblock may be different from Merchant to Merchant the underlying issue is the same and relates to the 3DS’ need to collect the BIN on the front end before Merchants have had a chance to analyze it.
The PCI council has been working hard to update and deliver a new version of the PCI DSS standard. Currently, the target date for the PCI DSS v4.0 release is estimated to be March 2022. This revision will be requesting for industry professionals to review and provide feedback about the draft before the final version is released in March.
The PCI Software-Based PIN Entry on COTS (SPoC) Standard provides requirements for developing secure solutions that enable EMV contact and contactless transactions with PIN entry on the merchant’s consumer device using a secure PIN entry application in combination with a Secure Card Reader for PIN (SCRP).
PCI Compliance mandate works to protect Merchants and consumers from fraudulent activity that could occur during the payment process. Most businesses are familiar with PCI Compliance regarding online payment collection but may not be aware of PCI Compliance when processing payments over the phone. Whether your business is operating a singular phone line or multiple lines at once, it is important to familiarize yourself with the risks associated with accepting sensitive payment information during a phone call.