PCI have recently released the new standard and compliance program for Mobile Payments on Commercial off-the-shelf devices (MPoC). This blog is the first of a series discussing Mobile Payments and the security requirements that need to be met. This one describes the compliance environment and the history of how it has reached this point.
The European eIDAS regulation, short for the Electronic IDentification, Authentication and Trust Services Regulation, was created in 2014 to ensure common rules and standards for trust services related to electronic identification across the European internal market. Its main goal is to facilitate easier access to digital services and simplify online interactions among citizens and businesses.
Mobile application hardening refers to the process of securing mobile applications against various threats and attacks. It involves implementing a range of security controls and techniques to protect the application code, data, and functionality from unauthorized access and manipulation.
On July 17, 2023, the National Institute of Standards and Technology (NIST) announced a new set of 40 candidates to compete in their Post-Quantum Crypto Standardization Process for digital signatures. The call for these candidates was issued in September 2022 and ended June 1, 2023. This new round is independent of the ongoing standardization process of the CRYSTALS-Dilithium, FALCON and SPHINCS+ signature schemes that were chosen for standardization in July 2022.
In today's digital era, banks are increasingly leveraging cloud and multi-cloud environments to drive operational efficiency. However, the security and confidentiality of sensitive data must remain a top priority. This is where a centralized key management system (CKMS) comes into play.
The European Commission, as part of the eIDAS 2.0 proposal promotes the European Digital Identity Wallet (EUDI Wallet) as an app that enables citizens and residents all over the EU to identify and authenticate themselves. EUDI Wallet users should also be able to store and selectively disclose, locally and remotely, digital travel credentials (ePassports), driver’s licenses, university diplomas, as well as personal information including medical records or bank account details. The wallet should also allow its users to access a variety of online services, and sign documents with qualified electronic signatures and seals (QES). The scope of this wallet app is described in some detail in The Common Union Toolbox for a Coordinated Approach Towards a European Digital Identity Framework, and a reference implementation is expected for September 2023.
AWS Key Management Service (KMS) has long provided cryptographic services to safeguard your AWS resources. This involves generating and managing keys in a straightforward setup. This system functions effectively for conventional applications not subject to regulated workloads.
Believing that more cybersecurity solutions increase safety is a common misconception. An overload of security measures can ironically generate more risk, leaving your security team grappling with a complexity that may obscure malicious activity. This issue often emerges from a knee-jerk reaction to the latest threats, leading to an unwieldy accumulation of alerts, consoles, and events that hamper a strategic, effective cyber defense posture.
When organizations make the strategic decision to shift their applications and infrastructure onto the cloud, they face a myriad of challenges. These challenges, which require careful consideration, concern maintaining the confidentiality, authenticity, and integrity of their valuable digital assets. In the fast-evolving landscape of digital transformation, these hurdles need to be recognized, understood, and addressed effectively.
