Christmas came a little bit early this year. Last Friday, our friends over at Coalfire published an excellent whitepaper titled “Complying with PCI-DSS Requirement 9.9 - A Qualified Security Assessor’s Perspective” that is a thought provoking and practical look at the implications the requirement will have on merchants.
If you're not aware of it yet, requirement 9 covers physical security of the point-of-sale (POS) terminals in a merchant environment. Requirement 9.9 is brand new and deals explicitly with the prevention of POS device tampering or substitution.
Collectively called “skimming,” these attacks are on the rise and can be easy to miss until it’s too late. But not if you have a good process and procedures in place for regularly, consistently inspecting your devices.
So between sips of eggnog and the “It’s a Wonderful Life” reruns (or my personal favorite – “A Christmas Story”) take a few minutes to read this short paper. – you can get it here.
When the deadline for complying with PCI DSS version 3.0 and all its changes hits on July 1, 2015, you’ll be glad you started thinking about it now.
And from all of us here at Termtegrity, have a safe and joyful holiday season!