Posts about:
VISA
Another Way 8-Digit BINs Complicate PCI Compliance: It's Not Just Data-at-Rest
The adoption of 8-digit BINs in 2022 has already created many transitional challenges for organizations needing access to the full BIN numbers (see 8-Digit BINs are Just Around the Corner). For entities that must comply with PCI DSS and need access to the full BIN, there are well documented issues with masking, truncation, and DSS scope. Many organizations will focus on their data-at-rest. However, don't overlook the PCI implications of data-in-transit as well.
Update: In December 2021, the PCI DSS truncation rules were changed to mitigate many of the issues identified in this article; for more details, please see https://controlgap.com/blog/8-Digit-BINs-Great-PCI-Truncation-Reset
Visa 8-Digit BINs are Just Around the Corner and Many Questions Remain
If your business processes or stores the full BIN, you need to know if you will be impacted by Visa's Numerics Initiative (i.e., the 8-Digit BIN expansion mandate)....
This Week’s [in]Security – Issue 79
Welcome to This Week’s [in]Security. This week: Facebook's terrible week - 1 tiny step forward and 3 major leaps backwards, highlights from the annual PCI meeting, the 2018 Verizon Payment Security Report, welcome to the twice-breached club, GDPR and British Airways, Uber fined, California's IoT law, a 762-bit number factored, and Visa's Certificate Authority is in trouble.
Now here's this week’s selection of news, opinions, and research. Quickly skim annotated links organized by topic: compliance and payment security, breaches, regulation, bugs, privacy, hacking/malware, other security & risk, and more. We hope you enjoy and find them useful.
If You Take Credit Cards By Phone or Mail - You Need to Read About Visa's October Mandate
PCI Rules Aren't the Only Ones You Need to Comply With
Most organizations concerned with payment compliance are focused on the PCI Data Security Standard (DSS), but PCI is only part of the story. Every card brand and payment association has its own operating rules and regulations that also need to be followed. Many of these rules and regulations fly below the radar of most people and organizations. However, sometimes these rule changes have far-reaching impacts.