Foregenix Blog

Information Privacy, The General Data Privacy Regulation (GDPR) & Your Business

Posted by Andrew McKenna on 30/01/17 16:43

To begin, we'll take the following definitions of 'privacy' and 'information privacy' from the International Association of Privacy Professionals:

Topics: PCI, PA-DSS and P2PE, GDPR

Encryption 102: 5 Methods of Encryption (Part 2)

Posted by Andrew McKenna on 07/12/16 16:02

Following on from Encryption 101, this post will focus on different methods of encryption, when they're applicable and why they are important.

Topics: PCI, PA-DSS and P2PE, encryption

Encryption 101 - How it works. (Part 1)

Posted by Andrew McKenna on 21/10/16 10:17

Written by Andrew McKenna, PCI, PA, P2PE-QSA at Foregenix

When it comes to talking about encryption, it’s important to ensure we’re speaking about the same thing – and to clarify and simplify some of the different implementations we see. Sometimes these are implemented for security and best practice, while other times they are implemented to tick a box. It's important to know the difference between encryption mechanisms, know when to use what and be able to identify and judge the security of particular implementations. This is the first of 2 or more posts.

Topics: PCI, PA-DSS and P2PE, web security

Questions for a Point-to-Point Encryption (P2PE) Consultant

Posted by Kirsty Trainer on 26/09/16 13:24

As it stands, Foregenix have certified 70% of the current P2PE Applications and 40% of P2PE Solutions globally - so we have our fair share of experience and knowledge in a relatively new market. We asked one of our leading Consultants, Paolo Basilio, a few questions that frequently crop up during the process. 

1. The growth of interest in Point-to-Point Encryption (P2PE) has been exponential in the last year and a half. What do you think has influenced this growth?

Topics: PCI, PA-DSS and P2PE

PCI Compliance, SAQ A & the Hacked Website. Does tick box compliance ensure security?

Posted by Kirsty Trainer on 30/03/16 12:47

With the vast majority of online businesses being classified within the small to medium sized category and the huge growth in eCommerce, the Payment Card Industry (PCI) came to the realisation that one of the industry’s greatest exposures lies with the tens of thousands of small to medium sized eCommerce businesses potentially not protecting their client payment data effectively.

Topics: PCI, PA-DSS and P2PE, web security

Foregenix certifies the world's first PCI P2PE v2 Application

Posted by Benjamin Hosack on 25/03/16 14:36

Foregenix has certified the world's first PCI P2PE version 2 application for Optomany.

Foregenix is the global leader in assisting and certifying over 40% of the PCI P2PE solutions and over 80% of the PCI P2PE Payment Applications globally.

Working with Optomany, Foregenix assessed all aspects of the axept® application including development practices, encryption key management and the handling of sensitive cardholder and authentication data, resulting in an Attestation of Validation (AOV) from Foregenix and the Payment Card Industry (PCI) Security Standards Council confirming validation with the new internationally-recognised standard.

Topics: PCI, PA-DSS and P2PE

The Visa EU Acquirer Mandate - What it means to SME Business

Posted by Richard Jones on 23/03/16 13:24

As a PCI Forensic Investigator (PFI), we have experienced an exponential increase in the number of e-commerce merchants who are succumbing to account data compromises. This new mandate could have serious implications for those businesses and their acquiring banks.

Topics: PCI, PA-DSS and P2PE

PCI DSS v3.2: Update scheduled for March/April release

Posted by Kirsty Trainer on 25/02/16 17:31

Recently the PCI Security Standards Council announced an upcoming update to the PCI DSS which will increment the version from 3.1 to 3.2. We knew an update was coming to account for the changes to SSL and early TLS per changes from version 3 to 3.1 and additional guidance provided on mitigating the risk of using these protocols in recent months. Additional changes are also being introduced because, owing to the maturity of the PCI DSS, the update cycle is changing. Rather than have a significant update at the end of this year, we can anticipate a more dynamic standard with rolling updates to reflect the evolving threat landscape. The next version is scheduled to be released in the first half of this year and the Council is aiming for a March/April timeframe.

Topics: PCI, PA-DSS and P2PE

Prepare to don the ‘luminous green jacket’ of Cyber Security

Posted by Richard Jones on 08/01/16 15:55

There’s no doubt that each high profile data compromise story seems to garner more attention than the last. The news media thrives on stories that run and run, particularly if they have a whiff of corporate misdoing about them. The problem is that such ‘scandals’ are rarely isolated. It’s more a case of who hits the headlines first and whether or not others can get their act together before they get found out too! The reality is that many are ‘accidents waiting to happen’, a case of pushing one’s luck for as long as one can get away with it. Simply put, taking a risk. After all, isn’t that what running a business is all about?

Topics: PCI, PA-DSS and P2PE

Creditcall Achieves PCI P2PE Certification for ChipDNA

Posted by Benjamin Hosack on 15/12/15 15:07

With 2015 drawing to a close and many businesses seeing their payment card transaction volumes growing with the festive holidays approaching, it is with great pleasure that we can congratulate Creditcall on achieving PCI P2PE compliance for the ChipDNA solution. With a PCI P2PE compliant ChipDNA solution, Creditcall clients will be able to focus on their business knowing that Creditcall’s ChipDNA solution is taking care of the security of their transactions.

As of this morning (15th December 2015), there are:

Topics: PCI, PA-DSS and P2PE