We're over the moon to announce that Foregenix has been placed at No 59 in the 3rd annual Sunday Times Lloyds SME Export Track 100! Our fantastic clients and talented team were instrumental in helping us achieve this recognition. We are delighted, so thank you to all. This was published in the Business section on Sunday, as well as on the Sunday Times tablet edition and online.
As it stands, Foregenix have certified 70% of the current P2PE Applications and 40% of P2PE Solutions globally - so we have our fair share of experience and knowledge in a relatively new market. We asked one of our leading Consultants, Paolo Basilio, a few questions that frequently crop up during the process.
1. The growth of interest in Point-to-Point Encryption (P2PE) has been exponential in the last year and a half. What do you think has influenced this growth?
Topics: PCI, PA-DSS and P2PE
The number of hacked websites losing payment card data is rising rapidly - and the attacks are becoming more sophisticated and stealthy, and remain very lucrative for criminals. You've all probably heard this before and are tired of the rhetoric. What you may not have heard before is what it means for your online business if your website gets hacked and loses payment card data. What are the potential liabilities and what is the industry doing to try to curb the loss of payment card data?
Topics: web security
The Forensic team at Foregenix are used to getting cases involving SQL Injections through the door – in fact, not only is SQLi one of the ‘oldest’ tricks in the book, it is still one of the most common attacks seen.
An exploit targeting a critical vulnerability (CVE-2016-4010) that affects all Magento versions up to and including 2.0.6 was published on May 18th 2016. The sole prerequisite for a site to be vulnerable is that it allows guest checkout, i.e. shopping by customers without an account on the site.
The ITWeb Security Summit 2016 is well underway with the workshop currently taking place at The Forum, Bryanston.
Topics: web security
With the vast majority of online businesses being classified within the small to medium sized category and the huge growth in eCommerce, the Payment Card Industry (PCI) came to the realisation that one of the industry’s greatest exposures lies with the tens of thousands of small to medium sized eCommerce businesses potentially not protecting their client payment data effectively.
Written by Andrew McKenna, PCI QSA, PCIP at Foregenix
Amazon Web Services and Microsoft Azure are the two most common cloud services used in practice. While many people will be familiar with Microsoft’s terminology for Active Directory users and groups, Group Policies, virtual machines, IIS web servers and SQL databases, the terminology used by AWS and the services it provides are quite different in many cases. This is reflected in practice by Microsoft’s support of the hybrid cloud, whereas moving to AWS is typically a more complete migration or separation.
For those unfamiliar with the concept, an outsourced payment model is essentially the adoption and implementation of eCommerce payment services from commercial Payment Service Providers (PSP) rather than merchants handling the payments themselves. You have probably experienced it when you suddenly get whisked off to a different site to present your payment details and are then returned to the eCommerce website once payment has been made. The idea is to make sure payment details pass directly from the consumer to the payment service provider, which has had its operational security reviewed and certified as PCI DSS compliant.