Horror Stories: Timehop’s MFA Mishap

by Sarah Harvey / June 14, 2023

On July 4, 2018, Timehop, a self-proclaimed “daily nostalgia product,” discovered a data breach where up to 21 million users were impacted. Timehop is a memory-sharing app, enabling users to distribute posts from the past; Timehop connects to users’ social networks and photo storage apps – Twitter, Instagram, Facebook, Dropbox, Google Photos, iCloud, etc. For them, this breach was a nightmare because of the nature of their services. When users…

What is PCI Requirement 10.7 and What is an Audit Trail History?

by Randy Bartels / April 12, 2023

PCI Compliance and Audit Trail History

Now that you’ve implemented logging, what do you do with them? PCI Requirement 10.7 asks that you retain audit trail history for at least one year, with a minimum of three months immediately available for analysis. A year is the recommended length of time because it may take a few months to notice a compromise. A year’s worth of audit trail history can be…

PCI Requirement 4 – Encrypt Transmission of Cardholder Data Across Open, Public Networks

by Randy Bartels / April 12, 2023

PCI Requirement 4 demands, “Encrypt transmission of cardholder data across open, public networks.” How will this requirement benefit your organization? Complying with PCI Requirement 4 will help prevent your organization from being a target of malicious individuals who exploit the vulnerabilities in misconfigured or weakened wireless networks. So as a safety measure, sensitive data that you transmit over open networks must be encrypted. Assessors will be evaluating whether your organization…

Guide to PCI Compliance – Navigating PCI DSS v3.2

by KirkpatrickPrice / April 12, 2023

What is the PCI DSS? The PCI Security Standards Council was jointly developed by the payment card brands to encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. It ensures that all data that lives within the Cardholder Data Environment (CDE) is protected and secured from theft or unauthorized use. Any merchant, service provider, or sub-service provider who stores, processes, or transmits…

Introduction to PCI Requirement 2

by Randy Bartels / April 12, 2023

What is PCI Requirement 2? PCI Requirement 2 mandates, “Do not use vendor-supplied defaults for system passwords and other security parameters.” Were you aware that vendor-supplied default passwords and settings are well-known among the hacker community? PCI Requirement 2 was created to fight the malicious individuals who try to compromise systems with the vendor-supplied default information. PCI Requirement 2 focuses on hardening your organization’s systems and assets. We’re here to…