Dawn M. Turner (guest)

Dawn M. Turner is a professional author with a passion for technical regulations and standards, as well as for their relevance and impact on corporate operations and industry in general. Dawn has more than 10 years of IT industry experience in hardware, programming & systems & network engineering. Her educational background includes a Certificate in computer operations & programming, CompTIA and Microsoft certifications, including A+, MCSE and MCP, Associates degree with major in business & minor in computer science, Bachelors of Science degree with major in business forensics & minor in accounting and an MBA with concentrations in finance & economics.

What is Banking-Grade Tokenization According to PCI DSS

The concept of a token has been used in the digital world for almost 50 years to separate and protect real data elements from exposure. In recent times, the concept of tokenization has been used as a security mechanism for protecting sensitive data. When using tokens for data security, non-sensitive data elements that have no exploitable value act as a substitute for sensitive data elements. The tokens act as an identifier/reference that maps back to the sensitive data that is being protected through the tokenization system. Here we look at banking grade tokenization in relation to PCI DSS.

Read more

Selecting the right Key Management System

The protection and secure management of cryptographic keys is crucial for ensuring that cryptography is used in the most effective way to keep data secure. Picking the wrong key management system (KMS) can thwart all the efforts that have been made in using cryptography to protect information.

Read more

Using 3D-Secure and Device Fingerprints for EMV Payments Against CNP Fraud

Credit cardholders are generally protected from liability if unauthorized transactions are made with their credit cards because of consumer protection laws and card policies. This leaves merchants and financial institutions on the hook for losses related to credit card fraud. According to an October 2016 Nilson Report, card issuers were burdened with 72 percent of fraudulent losses in 2015 while merchants were left with 28 percent of the losses.

Read more

Applying Cryptographic Security Services - a NIST summary

This article summarizes the basic cryptographic security services that can be used to protect information (or as a supporting protective mechanism) against attacks, as described in the NIST Special Publication 800-57 (1, rev.4) for Key Management.

Read more

Strong cryptography and key management requirements for EMV and PCI DSS compliance

EMV chips on payment cards contain cryptographic co-processors and dual interfaces that allow for contact and contactless payment options. When issuing an EMV card, the customer’s information is extracted from the bank or financial institution’s database.

Read more

W3C's suggestion for a Web Cryptography API

The World Wide Web Consortium or W3C as it is commonly known was founded in 1994 by the original architect of the World Wide Web, Tim Berners-Lee. It is a consortium of international companies that are involved with the Web and the Internet.

Read more

PAdES and Long Term archival (LTA)

Under the eIDAs Regulation, specifications for formatting advanced electronic signatures for PDF documents are set under PAdES. PAdES is the electronic signature design for PDF Advanced Electronic Signatures.

Read more

UBS launches qualified electronic signatures

The ZertES legislation (Swiss digital signature law) was placed into effect in Switzerland on December 19, 2003. The purpose of this legislation was to regulate the manner for which trust service providers could use certification services with electronic signatures.

Read more

Strong authentication for Governments through trust service providers - a European perspective

One of the greatest benefits of the digital age is the availability of being able to perform many different government processes online in a shorter amount of time versus having to depend upon the postal service or taking time out of a busy day to go stand in a line at a government office.

Read more