WannaCry – A Stop of A Never-Ending Journey

Ok, everyone seems to be writing about it, so here's my take so far. Professional-grade malware code, extended in a pretty silly way, that somehow got into company computers. And the attackers collected well below $100,000.


Why Enigma Bridge is the best option available for cloud security

The main reason we want to use cloud technologies is that they simplify cost management and allow us to spend only as much as we need at any given time. The question is how secure they are and which risks are acceptable.


Online and Mobile Banking Fusion

Banks simplify access to our bank accounts. They keep relaxing security while hoping to replicate the boiling frog story. The trouble is that no-one dies, and someone will figure it out, sooner rather than later.


I touch on a few things: using online banking to find valid card numbers and dates of birth, the increased chance of unauthorised access, the lowered security of login credentials, and the changing role of debit cards.


Tokenisation – Introduction

Tokenisation is a hot topic because it makes card processing cheaper and more secure. The goal is to replace the card number (PAN) with a random surrogate value, the token, that is useless for unauthorised transactions outside the tokenisation system. A database that holds only tokens no longer holds card data, so it no longer needs to be encrypted as such.
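As an added illustration, not code from the original post or its author: a minimal token vault in Go. It assumes 16-digit tokens that keep the last four digits of the PAN, and it deliberately rejects any candidate token that passes the Luhn check, so a token can never be confused with, or replayed as, a real card number (a design choice of this example, not a property of every scheme). The PAN 4111111111111111 is the well-known test number, not a live card, and the in-memory map stands in for what would be an HSM-backed store.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Vault is a toy token vault: the one component that ever sees a PAN. Here it is an
// in-memory map (an assumption of this example); in production it sits behind an HSM.
type Vault struct {
	tokenToPAN map[string]string
	panToToken map[string]string
}

func NewVault() *Vault {
	return &Vault{tokenToPAN: map[string]string{}, panToToken: map[string]string{}}
}

// LuhnValid reports whether a digit string passes the Luhn check used by card numbers.
func LuhnValid(s string) bool {
	sum, double := 0, false
	for i := len(s) - 1; i >= 0; i-- {
		c := s[i]
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(s) > 0 && sum%10 == 0
}

// randomDigits draws n decimal digits from crypto/rand; rejecting bytes >= 250 (25*10) avoids modulo bias.
func randomDigits(n int) (string, error) {
	var sb strings.Builder
	buf := make([]byte, 1)
	for sb.Len() < n {
		if _, err := rand.Read(buf); err != nil {
			return "", err
		}
		if buf[0] < 250 {
			sb.WriteByte('0' + buf[0]%10)
		}
	}
	return sb.String(), nil
}

// Tokenize returns a 16-digit surrogate for a PAN. The last four digits are kept so
// receipts and customer service still work; the other twelve are random. Candidates that
// pass Luhn are rejected, so a token can never be mistaken for a real card number.
func (v *Vault) Tokenize(pan string) (string, error) {
	if len(pan) < 13 || len(pan) > 19 || !LuhnValid(pan) {
		return "", errors.New("not a well-formed PAN")
	}
	if tok, ok := v.panToToken[pan]; ok {
		return tok, nil // same PAN, same token: repeat customers stay matchable
	}
	last4 := pan[len(pan)-4:]
	for {
		prefix, err := randomDigits(12)
		if err != nil {
			return "", err
		}
		tok := prefix + last4
		if _, taken := v.tokenToPAN[tok]; LuhnValid(tok) || taken {
			continue
		}
		v.tokenToPAN[tok] = pan
		v.panToToken[pan] = tok
		return tok, nil
	}
}

// Detokenize is the only way back to the PAN. Only the payment processor should be
// able to call it; merchant systems hold tokens alone and stay out of PCI scope.
func (v *Vault) Detokenize(tok string) (string, error) {
	pan, ok := v.tokenToPAN[tok]
	if !ok {
		return "", errors.New("unknown token")
	}
	return pan, nil
}

func main() {
	v := NewVault()
	tok, _ := v.Tokenize("4111111111111111") // well-known test PAN, not a live card
	back, _ := v.Detokenize(tok)
	fmt.Printf("token %s (Luhn valid: %v) -> PAN %s\n", tok, LuhnValid(tok), back)
}
```

The security property to notice is where the PAN lives: only inside the vault. Everything downstream stores a token that fails Luhn, so it is neither a card number nor convertible into one without a call to Detokenize, and access to that call is what you control.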

What we are primarily looking at now are mobile payments, but we are designing solutions for e-commerce as well. Payment processing also involves re-encrypting PINs (PIN blocks) for card-present transactions: each PIN block is decrypted under the key shared with the party it came from and re-encrypted under the key shared with the next party, and the clear PIN must never leave the HSM that does it.
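The PIN re-encryption step, as an added example rather than anything from the original post: an ISO 9564-1 format 0 PIN block is built from PIN and PAN, encrypted under the zone PIN key (ZPK) of one zone, then translated to the ZPK of the next. The two ZPKs, the test PAN and the PIN are constructed values; in production the translate step runs inside an HSM, which this in-process version only imitates.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Double-length ZPKs for the acquirer and issuer zones, constructed for this example.
const ZPKAcquirer = "0123456789ABCDEFFEDCBA9876543210"
const ZPKIssuer = "A1B2C3D4E5F60718293A4B5C6D7E8F90"

// panField: 0000 + rightmost 12 PAN digits excluding the Luhn check digit.
func panField(pan string) ([]byte, error) {
	if len(pan) < 13 {
		return nil, errors.New("PAN must have at least 13 digits")
	}
	return hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
}

// Format0PinBlock builds an ISO 9564-1 format 0 clear PIN block: (0 | PIN length | PIN | F padding) XOR PAN field.
func Format0PinBlock(pin, pan string) ([]byte, error) {
	if _, err := strconv.ParseUint(pin, 10, 64); err != nil || len(pin) < 4 || len(pin) > 12 {
		return nil, errors.New("PIN must be 4 to 12 decimal digits")
	}
	q, err := panField(pan)
	if err != nil {
		return nil, err
	}
	pinHex := fmt.Sprintf("0%X%s", len(pin), pin)
	p, _ := hex.DecodeString(pinHex + strings.Repeat("F", 16-len(pinHex))) // cannot fail: validated above
	block := make([]byte, 8)
	for i := range block {
		block[i] = p[i] ^ q[i]
	}
	return block, nil
}

// RecoverPin reverses Format0PinBlock, rejecting blocks decrypted under the wrong key or PAN.
func RecoverPin(block []byte, pan string) (string, error) {
	q, err := panField(pan)
	if err != nil || len(block) != 8 {
		return "", errors.New("bad block or PAN")
	}
	p := make([]byte, 8)
	for i := range p {
		p[i] = block[i] ^ q[i]
	}
	s := strings.ToUpper(hex.EncodeToString(p))
	n, err := strconv.ParseInt(s[1:2], 16, 0)
	if s[0] != '0' || err != nil || n < 4 || n > 12 {
		return "", errors.New("not a format 0 PIN block")
	}
	pin, pad := s[2:2+n], s[2+n:]
	if _, err := strconv.ParseUint(pin, 10, 64); err != nil || strings.Trim(pad, "F") != "" {
		return "", errors.New("corrupt PIN block: wrong key or PAN?")
	}
	return pin, nil
}

// PinBlockCrypt encrypts (or decrypts) one 8-byte block with two-key 3DES under a ZPK.
func PinBlockCrypt(keyHex string, in []byte, decrypt bool) ([]byte, error) {
	k, err := hex.DecodeString(keyHex)
	if err != nil || len(k) != 16 || len(in) != 8 {
		return nil, errors.New("need a 16-byte hex ZPK and an 8-byte block")
	}
	c, _ := des.NewTripleDESCipher(append(k[:16:16], k[:8]...)) // K1|K2|K1; length validated above
	out := make([]byte, 8)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out, nil
}

// TranslatePinBlock is the re-encryption step: decrypt under the incoming zone's ZPK, re-encrypt
// under the outgoing one. In production this is an HSM command and the clear block never reaches the host.
func TranslatePinBlock(fromKey, toKey string, enc []byte) ([]byte, error) {
	clear, err := PinBlockCrypt(fromKey, enc, true)
	if err != nil {
		return nil, err
	}
	out, err := PinBlockCrypt(toKey, clear, false)
	for i := range clear { // scrub before leaving the trust boundary
		clear[i] = 0
	}
	return out, err
}

func main() {
	clear, _ := Format0PinBlock("1234", "4111111111111111") // test PAN, not a live card
	enc, _ := PinBlockCrypt(ZPKAcquirer, clear, false)
	translated, _ := TranslatePinBlock(ZPKAcquirer, ZPKIssuer, enc)
	fmt.Printf("acquirer zone %X -> issuer zone %X\n", enc, translated)
}
```

Two details matter in practice. The PAN is mixed into the block, so the same PIN on two cards produces two different ciphertexts and a captured block cannot be replayed against another account. And RecoverPin checks the format nibble, length and padding, so a block combined with the wrong PAN or decrypted under the wrong key is rejected instead of quietly yielding a plausible but wrong PIN.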



Card Payments and The Cloud

We are now integrating encryption into a corporate infrastructure, and it made me think about payments and PCI audits. PCI stands for Payment Card Industry; its data security standard is PCI DSS. Anyone who has got close enough to e-commerce or card payments knows what a burden it is on running a business.

Sooo, I have spent some time this week thinking about architectures for "technical security systems". I could say "cryptography" straight away, I guess. Thinking about protecting sensitive data that may be subject to independent audits.

The scope of a PCI audit is determined by where card numbers and PINs (in the case of Chip&PIN systems) are stored, processed or transmitted. Once you experience the pain, you definitely want to get "out of scope". This is true for merchants just as much as for banks.



“One time passwords” are not passwords

We did a bit of research into what IT start-up companies need in terms of security. I expected that secure authentication / logons would be at the top, but I was surprised that OTPs (one time passwords) were at the bottom.

