Payment / Thursday 20 July 2023

PCI SSS aims to reduce Internet payment vulnerabilities

The latest edition of Oaklen Consulting's industry watch analyzes several publications on the subject of data security.

Verizon publishes its annual Data Breach Incident Report (DBIR) on security incidents.

This study is based on 914,547 security incidents, 234,638 of which turned out to be genuine security breaches with data leakage. Note the difference in definition between security incidents and breaches: breaches are confirmed incidents with data theft:

  • Four main routes to corporate assets are favored by attackers: credentials, phishing, vulnerability exploitation and botnets;

  • This year, ransomware continued its upward trend with an increase of almost 13%. It's important to remember that ransomware is really just a model for monetizing access to an organization. Blocking the four key paths mentioned above blocks the most common ways ransomware invades your network;

  • Although it seems to be stabilizing year on year, thanks in particular to awareness-raising efforts, error remains a dominant trend and is responsible for 13% of intrusions. This year, 82% of breaches involved the human element, be it the use of stolen credentials, phishing, abuse or simply human error.

Since October 2022, the PA DSS program published by the PCI SSS (Payment Card Industry Data Security Standard) has been replaced by the PCI SSF (Software Security Framework) program, comprising two standards: (i) the PCI SLC (Software Life Cycle) for entities wishing to demonstrate their ability to deploy secure development, and (ii) the PCI SSS (Software Secure Standard) for payment solutions requiring certification. This standard aims to ensure that payment software is designed, developed and maintained to protect payment transactions and data, minimize vulnerabilities and defend against attacks.  

The PCI Council has published version 1.2 of the PCI Secure Software Standard.

In line with the PCI MPoC rollout in November 2022, the PCI Council has released version 1.2 of the PCI Secure Software Standard. It describes the key software security controls to be implemented to address the most common security issues related to the use of Internet-accessible payment technologies, namely:

  • Deployment of documentation and monitoring of software components and open-source APIs;
  • Control of access to payment software Web APIs and critical connected assets;
  • Deployment of mitigation measures for common Web attacks;
  • Means for protecting communications between web-based payment software components.

For more information, or to obtain the complete watch, do not hesitate to write to us: contacteznous@oaklen.eu
