
PSC White Papers
To download the white papers please complete the form at the bottom of this page.
Comparison of PCI Data Security Standard: Requirements and Security Assessment Procedures

PSC expert security assessors and analysts have published an analysis of the impact of PCI Data Security Standard version 1.2, released October 1, 2008. This paper performs a word-by-word comparison of the new PCI criteria against the old PCI DSS version 1.1. Each section is evaluated against the prior standard to give merchants and service providers an understanding of the impact of these changes. This paper is prepared for PSC customers and select prospects as a quick reference to the new PCI standard.
Here are a few comments from PSC customers about this paper:
"This is a fabulous analysis of the new standard and was presented to us in time to plan projects for the coming year" -- Large Multi-media Company
"Now I understand how to explain the impact of PCI version 1.2 to my executive management team" -- Chief Security Officer, very large retailer
"This was the most timely release of information and is far better than the comparison document produced by the Standards Council." -- Head of Compliance for large apparel retailer
FREE for Download
Credit Card Information Surrogate "A Method and System for using surrogates to integrate PCI-level security for legacy information systems"
This paper presents a method and system for assignment of a consumer credit card surrogate, based on card account number issuing methods. The method offers a solution to the drawback presented by using a SHA-1 message digest, specifically for credit card numbers. The proposed solution appears to have all the positive characteristics noted for a digest, and the surrogate I describe fits into a 16-digit numeric credit card field in legacy file systems or databases. I am pleased to introduce the Card Account Surrogate or Token: a national space account number that has the random aspects of a digest, uniquely identifies a customer account, has no value to an outside individual, and passes the Luhn check used to validate card account numbers.
Click to download PDF with details.
Implementing PCI "A Guide for Network Security Engineers"
This paper provides architectural guidance for network security engineers who are responsible for implementing systems and technologies that are in compliance with the PCI Data Security Standard (PCI DSS). It analyzes the requirements that are specifically related to network security and describes approaches for achieving compliance in accordance with the spirit of the standard, while respecting the cost of deployment. At the conclusion, a section covering next steps for the network engineer provides general guidance for the engineer chartered with implementing PCI compliant network architecture.
10 Myths about PCI Compliance
- I'm a small merchant, who only takes a handful of cards, so I don't need PCI
- PCI only applies to E-commerce companies
- You only have to be compliant with the majority of criteria
- If I only process credit cards I don't need to do PCI
- I can wait until my business grows
- I can just answer "yes" to all the criteria on the self-assessment
- As a merchant I'm not liable if a credit card is compromised
- I can wait until my bank asks me to be compliant
- As a Merchant, I did not sign anything saying I would be compliant; therefore, I do not need to be.
- As a Merchant, I'm entitled to store any data
Click to download PDF with details.
Practical Security Awareness for Merchants

By Tom Arnold, PSC Partner, Cofounder

FREE for Download
An Electronic Citadel

By Tom Arnold, PSC Partner, Cofounder
This paper presents the Electronic Citadel, a system where sensitive data is encrypted such that it may be validated at any time in the future but the original data may only be retrieved during a defined time period.

FREE for Download
Download Request Form

PSC principals have written and presented in a wide range of forums, addressing issues in identity management, computer security, payments, and digital property. Please complete the following information to receive a follow-up email with the PSC white paper of your choice. Thank you.