@virbonus let #PCI know about this, because that thing is definitely not DSS-compliant!
https://de.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
@hisold My bank stopped issuing #girocard cards with #magstrip 10+ years ago as magstrip was phased out and #NFC was phased in as well as #PSD1 being introduced.
That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN & #NFC systems actually request a blockage of the amount and will automatically decline without incurring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance).
It's also insightful because #fraud would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine] each automatically assessing risks within less than a second for every transaction.
But that's just some cold OSINT based off #TechSupport and peeking behind the curtains professionally...
Rest assured if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just > 99% of all fraud attempts get blocked instantly and merchants rate-limited or kicked off the system when they do something suspicious.
So yeah, that "#magstrip" may be just lacquer, but unless it's specifically advertised otherwise it only holds the CC & CVV as well as service codes [i.e. chip+pin only] to tell the terminal "Don't accept magstrip, mandate Chip+PIN"...
Only underdeveloped countries like the #US still use #Magstrips and #credit and not Chip+PIN & #debit!
As of last week, organizations handling payment data must comply with #PCIDSS 4.0.
Our guide explains how Software Bills of Materials (#SBOM) address Requirement 6.3.2's mandate for software component inventory.
Get prepared now: https://anchore.com/blog/pci-dss-4-compliance-with-sboms-and-software-supply-chain-security/
#PCIDSS 4.0 joins the global regulatory push toward #SBOM in 2025.
For organizations processing payment card data, this is no longer optional.
Learn how SBOMs address Requirement 6.3.2 and strengthen your security posture: https://anchore.com/blog/pci-dss-4-compliance-with-sboms-and-software-supply-chain-security/
The March 31, 2025 #PCIDSS 4.0 deadline is past!
Requirement 6.3.2 mandates software component inventories—exactly what #SBOM provide.
Our guide helps security leaders implement SBOMs effectively for compliance and enhanced security posture.
Read: https://anchore.com/blog/pci-dss-4-compliance-with-sboms-and-software-supply-chain-security/
#Paypal is changing its privacy policy. If you have an account, here's what you need to do:
Log in (you *are* using TOTP multifactor authentication, right?)
Click the Gear icon in the upper right corner.
Click "Data & Privacy"
Follow the link under that category to "Personalized Shopping".
Click the slider switch to disable data sharing with advertisers and retailers based on your purchase history.
@janef0421 @tante yes, and I can attest that having regulators breathe down the neck of a company with the power to essentially force them out of business due to license revocation is the only way shit got improved.
Because there the [de-facto] regulators say: "You WILL implement THIS!" and are absolutely unwilling to negotiate!
Has anyone working with #msTeams and #PCIDSS managed to convince a credit card company that the public key encryption used to secure #teamsVoice calls is suitable to exempt a corporate network from being in-scope when taking CHD over a telephone call?
@moritz the fact that your bank even has a password length limitation is a clear indicator they violate #PCIDSS and store #plaintext passwords...
But it was all encrypted at rest, right? RIGHT?!?
(Insert Phantom Menace meme)
@zackwhittaker That's (almost certainly) a #pcidss breach! Stop them taking card payments and see how long they last as a company! This should be a stick that gets companies' priorities in order. Does this ever actually happen if you fail a PCI audit?
@GrapheneOS +9001%
The sheer amount of liabilities, if not legally through #GDPR & #BDSG then indirectly through mandated #standards like #PCIDSS & #PSD2, is the reason one should avoid storing them at all costs!
@Zugschlus @Cappyjax @WB2EEE @elly well, I'd rather not take or stay in a job than commit what I call "Professional #Malpractice"!
Again: We have this entire shitshow because we allow #TechIlliterates and other dipshits to make up regulations on the spot.
The fact that we even allow that #Govware and #Scareware [to even exist, especially] in #CriticalInfrastructure when in both cases their #EULA explicitly bans that use-case is a testament to the false priorities of regulators and their rules.
And then they all whine about why no one wants to work for them... What a shitshow.
Tell you what, I'd rather welcome such meetings, because the last time some CEO did that (with an absurd office mandate forcing a colleague into a 500km [one-way!] commute twice a week) they basically mobbed out the two best colleagues I had and subsequently imploded the Linux Infrastructure team.
#Crowdstrike ignoring availability as a problem is like #PCIDSS saying that crashed systems are totally fine in securing credit card data.
@MichalBryxi yeah...
As much as I'm still angry at #Microsoft, #Apple and #Mozilla for blocking #CACert to this day, @letsencrypt is a net positive.
And for the upper triple digits that cert costs per year, the process went quite fast and it took like 5 mins tops.
@lightspill Personally, I think that depends...
Certain things are matters of taste (i.e. #vi, #vim, #neovim, #nano, #ne or #kilo as #editors) and certain things are just objectively correct things to do (i.e. #PGP/MIME encryption on #eMail, using #MultiVendor & #MultiProvider #OpenStandards instead of #proprietary #SingleVendor & #SingleProvider "solutions"...)
As a #Linux & #Unix-esque #Sysadmin I'd rather be disliked as #BenevolentDictator than to deliver or even maintain subpar, substandard, insecure and unmaintainable solutions, because like an #electrician, people / businesses or rather clients / employers expect me to plan and deliver solutions that are 'up to code' and by 'code' I mean the relevant laws and standards ranging from #GDPR & #BDSG to #PCIDSS & #BSI...
@ryebread8403 @michael it's not a matter of flavour, but an #InconvenientTruth that #Windows and #windowsServer are #InsecureInEveryConfiguration, can't comply with #GDPR, #BDSG & #PCIDSS and thus are a "can't use and won't use" for me since I live in a jurisdiction where actual #privacy and #DataProtection laws exist and no insurance would cover the costs if that were to explode in my face, even if doing so wasn't a literal felony ["endorsing or rewarding of a felony"] itself.
@Natanox @marc @cmalloc @kontrollierterWahnwitz
Yes, and working under #TechIlliterates who meddle is what I like least...
Something that e.g. #RedHat, #SUSE & #Canonical ( #UbuntuLTS / #UbuntuPro ) not only offer but also demonstrably deliver...