Dara Security

Recent Articles

Biometrics and the Payment Industry

Analysts have continued to predict each year that biometric authentication will hit center stage in payment security. Experts assure us that facial-recognition or retinal scans are no longer ideas for the future, and analysts declare that biometric techniques like these can play an integral part in payment security today. Although we have yet to see these predictions become reality, we are closer than ever to seeing biometrics-based security techniques within payment systems.

Biometric authentication involves measuring and analyzing physical...


PIN Security and Key Management

Organizations handling debit and ATM personal identification numbers (PINs) are responsible for safeguarding this sensitive information. This responsibility makes sense from a customer service perspective amidst rising identity theft cases, and keeping PINs secure is also required to comply with the American National Standards Institute (ANSI) rules on PIN security and for membership in major payment networks like NYCE, Pulse, and Star.

Payment networks require their members to complete and submit the Technical Report 39 (TR-39) every other year to maintain good...


Visa’s QIR Mandate: Are You Certified?

Effective January 31, 2017, Visa will officially require merchant acquirers to ensure that Level 4 merchants use only PCI QIR professionals for POS application and terminal installation and integration.  The purpose of Visa’s QIR mandate is to shore up payment security, specifically the weak practices in remote access to payment systems that have caused many breaches affecting smaller merchants.

Visa defines the Level 4 merchant category as businesses that process fewer than 20,000 Visa e-commerce transactions each year and merchants processing up to 1 million Visa...


Vulnerability Handling Policy – An Unexpected PA-DSS Surprise?

Point of Sale software vendors that have gone through or are planning to go through the PA-DSS validation process are aware of the requirements detailed within the Payment Application standard. These requirements range from ensuring that proper software development and testing processes and support procedures are in place to detailed technical requirements around password and logging controls. In addition, many vendors are aware that at the end of their validation process there is an attestation document and a Vendor Release Agreement that must be executed in order for the PCI SSC to...


The Importance of Cyber Security Awareness

October was National Cyber Security Awareness Month (NCSAM).  This annual campaign, now in its thirteenth year, is a collaborative effort between government and private industry to educate and engage everyone about cybersecurity.  Through the years, NCSAM has raised cybersecurity awareness for consumers of all ages, small businesses, corporations, and educational institutions.

This year’s theme was Our Shared Responsibility, suggesting that our individual behavior online affects many others whether we realize it or not.  Similar to previous years, NCSAM 2016...
