Security News

The PCI SSC published the latest version of its device security standard for Hardware Security Modules. The PCI PIN Transaction Security Hardware Security Module Modular Security Requirements Version 4.0 ensures that HSM devices provide the strongest protection for critical data elements used in card verification, PIN processing, chip transaction processing, payment card personalization, secure cryptographic key loading, remote HSM administration and other payment authentication activities.

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments. A further 29.3% said that they had no confidence in their own company's compliance when it came to PCI DSS. Lack of confidence in the PCI standards.

PLDA announced the launch of their XpressRICH PCI Express Controller IP for the PCIe 6.0 specification. To compensate for the higher BER, XpressRICH for PCIe 6.0 architecture implements FEC combined with CRC. XpressRICH for PCIe 6.0 architecture also supports the new L0p low power mode, enabling traffic to be transmitted on a reduced set of lanes, reducing power consumption without impacting traffic flow.

Version 1.1 of the PCI Secure Software Standard introduces the Terminal Software Module, a new security requirements module for payment software intended for deployment and operation on PCI-approved PIN Transaction Security Point-of-Interaction devices. "The PCI Secure Software Standard is designed to offer a more flexible approach to how we test the security and integrity of payment software," said Emma Sutcliffe, SVP Standards Officer, PCI Security Standards Council.

This agreement brings Semafone into the Avaya ecosystem of alliances, with the goal of helping contact center customers solve the complex security and compliance challenges faced as they embrace a work from anywhere model. The integration of Semafone's, DevConnect certified, secure payment technology with Avaya OneCloud enterprise Session Border Controller, enables Cardprotect Voice+ to be deployed and used across all global Avaya OneCloud contact center solutions.

PCI Pal announced the appointment of Mufti Monim as Chief Technology Officer to direct the strategic technical vision for the company. Mufti joins PCI Pal from Deko, the retail finance cloud technology provider where, as CTO, he led the product and engineering teams, developing a market-leading platform used by more than 1700 merchants and processing more than 2 million credit applications, worth in excess of £2bn. Prior to working at Deko, Mufti was Head of Technology at Lebara Money, where he created an international money transfer platform, achieving £100 million worth of transfers within its first 12 months of operation.

Synopsys announced complete IP solution for the PCI Express 6.0 technology that includes controller, PHY and verification IP, enabling early development of PCIe 6.0 system-on-chip designs. Built on Synopsys' widely deployed and silicon-proven DesignWare IP for PCIe 5.0, the new DesignWare IP for PCIe 6.0 supports the latest features in the standard specification including, 64 GT/s PAM-4 signaling, FLIT mode and L0p power state.

Windstream Enterprise announced that it has renewed Payment Card Industry Data Security Standard compliance for its entire portfolio of SD-WAN and Managed Network Security services. Compliance with PCI DSS provides independent verification from a Qualified Security Assessor to ensure the highest levels of security and compliance for the processing, storage and transmission of cardholder data.

The PCI Security Standards Council has published version 1.1 of the PCI Secure Software Lifecycle Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework.

In addition to the continued decline in compliance, the current iteration of PCI DSS is expected to be replaced by PCI DSS 4.0 in mid-2021, with an extended transition period. The core principle of the PCI DSS is to protect cardholder data, and with PCI DSS 4.0, it will continue to serve as the critical foundation for securing payment card data.