
New security mandates could improve the e-commerce space

PCI Security Standards Council releases new security mandates that e-commerce enterprises must follow

E-commerce enterprises could be penalized if they do not abandon their outdated security protocols. The PCI Security Standards Council has released mandates that businesses must follow, requiring retailers to move away from Secure Sockets Layer (SSL) and embrace Transport Layer Security (TLS) protocols. SSL is a standard security technology that establishes an encrypted connection between a server and those accessing it, but this technology is beginning to grow outdated, especially as cyber attacks become more sophisticated.

Digital attacks are becoming a major threat for the e-commerce world

The PCI Security Standards Council has introduced new security mandates as a response to recent, high-profile digital threats, such as Heartbleed and Shellshock. These threats have caused significant turmoil in the digital space, and e-commerce enterprises may be exposed to risks that have yet to be detected. The organization is now urging e-commerce companies to make changes to their web servers so that they are compatible with TLS protocols. These companies are also being tasked with abandoning SSL support.

Security standards may have an impact on the mobile commerce space as well

These new security mandates will also affect the mobile commerce space. The mobile space has become a valuable target for malicious groups that aim to exploit financial information. Commerce applications are still relatively new, and the companies responsible for these apps are not yet versed in the various risks that exist in the digital space. As such, many apps lack the security they need to find mainstream success and adoption. New security standards could help solve this problem, offering consumers peace of mind when they participate in mobile commerce.

Many companies are still not fully compliant with security standards from the PCI Security Standards Council

Notably, many companies still fail to comply with security mandates issued by the PCI Security Standards Council. According to a recent survey from Verizon, 28% of companies are not fully compliant with security standards nearly a year after they received validation for their security protocols. This could become problematic, as these companies may be unnecessarily exposing themselves to digital risks.

Mobile security barrier overcome by DoD

The agency has managed to break through a roadblock that had posed a considerable challenge.

Most government agencies find that establishing adequate mobile security is not an easy process. Federal experts are still working out how to provide the right level of access through smartphones and tablets while protecting their applications and data.

That said, the Department of Defense may now have broken through one of the biggest problems it had faced in this area.

Richard Hale, deputy chief information officer for cybersecurity at the Department of Defense, has announced that a mobile security roadblock the DoD has faced for some time may now have been cleared. He explained that the department has come up with a new approach that keeps its dependence on the Common Access Card (CAC) but applies it in a new way. The department will not be placing the public key infrastructure credential directly onto smartphones and tablets. At the same time, “We will not have a separate CAC card reader or something like that,” he said.

Hale described this new mobile security strategy while serving as a panel moderator at the Cybersecurity Summit of AFCEA's D.C. chapter.

He said that there are three separate pilots underway that have already demonstrated that this mobile device security system can be implemented effectively. He did acknowledge that there remain certain security issues in the effort to bring the credentials to the device, but that the department is working its way through those. Therefore, they do not yet have a “formal program to put an issuance infrastructure in place.”

Still, Hale said that it is his belief that within the upcoming “couple of months we’ll make a decision that we have a particular path to credential issuance and then we will put a program up and start doing it.” He even went on to make a “bold prediction” in which he stated that by the close of 2015, the department would already be “issuing derived credentials on a production way on mobile devices.”

According to Hale, this mobile security effort is being examined for all of the major device vendors, including Android, iOS, Microsoft, and BlackBerry.