Dara Security

Archived News from 2017

The State of Security in 2017

As 2017 comes to a close, we may be celebrating our wins and counting our blessings.  It is certainly worthwhile to do so.  However, the end of the year is also a good time to reflect on what we could have done better.  Regarding information security, Verizon’s 2017 Data Breach Report is a valuable resource that reminds us how we can better secure our information going forward.

According to Verizon’s Report, 61% of data breaches occurred in businesses with under 1,000 employees.  The fact that over half of reported breaches impacted small businesses...


Penetration Testing: PCI DSS Requirement 11.3

Infographic (PDF): /content/Infographic_Pentesting_1.3.pdf


Changes to PCI DSS 3.2

The PCI DSS 3.2 standard includes many improvements from previous versions, all of which aim to increase cardholder data protection.  We have seen the standard evolve from version 1.1 in 2006, which outlined the basics of the twelve PCI requirements, to the current version 3.2, where the twelve requirements have been detailed with extensive explanations, testing procedures, and guidance.  Most notably, the current version lists nine requirements that are best practices until January 31, 2018, after which time they will become official requirements under the PCI DSS...


The Anatomy of a PCI DSS Audit

Infographic (PDF): /content/PCI_Audit_Infographic.pdf


PCI’s Self-Assessment Questionnaire

Compliance with the PCI DSS standard is achieved via different methods.  For eligible merchants and service providers, PCI DSS compliance can be validated and reported via the PCI DSS Self-Assessment Questionnaire (SAQ).  The SAQ is a tool for eligible entities to evaluate and report PCI DSS compliance through self-assessment.  As the SAQ document is a significant part of the PCI Council’s tools to help ensure the safety of cardholder data, it is important for all eligible merchants and service providers to complete their SAQ.

PCI’s SAQ Instructions...


HIPAA Gap Assessment

Infographic (PDF): /content/HIPAA_infographic.pdf


What's Your Data Worth?

As the number of cyberattacks continues to climb, businesses have remained vigilant in doing all they can to protect their customers' payment card data.  Data protection strategies have varied from regularly testing and strengthening network perimeters to ensuring stolen data is worthless to hackers.  Devaluing data so that it is no longer desirable to thieves can be achieved by implementing EMV chip, Point-to-Point Encryption (P2PE), and Tokenization.

EMV chip technology prevents payment cards from being cloned.  The embedded chip enables a transaction code to be...


P2PE vs Tokenization

Infographic (PDF): /content/P2PE_infographic.pdf


Dara Security Establishes College Scholarship

In keeping with Dara Security’s mission to encourage future generations of Computer Engineers, the company recently established a $1,000 Scholarship at the University of Nevada, Reno. The scholarship is available to Juniors and Seniors working towards their Bachelor of Science in Computer Science and Engineering. The first scholarship will be awarded for the 2017-2018 school year.

When UNR opened its Cybersecurity Center in 2014, we immediately saw a partner in our mission. They recognize the enormous implications cybersecurity has on the economy, military, personal and...


Biometrics and the Payment Industry

Analysts have continued to predict each year that biometric authentication will hit center stage in payment security.  Experts assure us that facial-recognition or retinal scans are no longer ideas for the future, and analysts declare that biometric techniques like these can play an integral part in payment security today.  Although we have yet to see these predictions become reality, we are closer than ever to seeing biometrics-based security techniques within payment systems.

Biometric authentication involves measuring and analyzing physical...


PIN Security and Key Management

Organizations handling debit and ATM personal identification numbers (PINs) are responsible for safeguarding this sensitive information.  This responsibility not only makes sense from a customer service perspective amidst rising identity theft cases; keeping PINs secure is also required to comply with the American National Standards Institute (ANSI) rules on PIN security and for membership in major payment networks like NYCE, Pulse, and Star.

Payment networks require their members to complete and submit the Technical Report 39 (TR-39) every other year to maintain good...


Visa’s QIR Mandate: Are You Certified?

Effective January 31, 2017, Visa will officially require merchant acquirers to ensure that Level 4 merchants use only PCI QIR professionals for POS application and terminal installation and integration.  The purpose of Visa’s QIR mandate is to shore up payment security, specifically the weak practices in remote access to payment systems that have caused many breaches affecting smaller merchants.

Visa defines the Level 4 merchant category as businesses that process fewer than 20,000 Visa e-commerce transactions each year and merchants processing up to 1 million Visa...
