Dara Security

Recent Articles

Migrated from SSL and Early TLS Yet?

In 2015, the PCI Council recognized the need to move away from earlier forms of the Internet security protocol Secure Sockets Layer / Early Transport Layer Security (SSL/TLS).  This cryptographic protocol is used to establish a secure channel between two systems by authenticating one or both systems and protecting the information passing between the systems.

PCI has acknowledged that SSL/TLS is an unsafe method for protecting sensitive data online.  In fact, the widespread use of SSL/TLS has motivated attackers to find flaws, giving rise to serious vulnerabilities such as...


The PCI 3DS Core Security Standard

EMV® Three-Domain Secure (3-D Secure, or 3DS) is a messaging protocol that enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce purchases. The additional security layer helps prevent unauthorized CNP transactions and protects the merchant from exposure to CNP fraud. The three domains are the merchant/acquirer domain, the issuer domain, and the interoperability domain (for example, Payment Systems).

3DS Assessors are able to assess a service provider providing 3DS services against the PCI 3DS Core Security...


P2PE: A Valuable Tool for Merchants

Through Point-to-Point Encryption (P2PE), data is encrypted upon entry by a certified card terminal and continues to be encrypted until the data reaches a secure point of decryption outside of the merchant environment.  This secure point of decryption is a validated PCI P2PE solution provider.  Benefits of P2PE include making sensitive and protected data unreadable by unauthorized parties.  This data is devalued because it is unusable in its encrypted form.  Another benefit is that P2PE significantly simplifies PCI compliance.  The P2PE Self-Assessment...
