Building Confidence in payment systems
Witham Labs

UL Expands Global Payment and Security Evaluation Services with Acquisition of Witham Laboratories

4 January 2012

Witham is proud to announce today its merger with UL, a world leader in advancing safety. By adding Witham Laboratories’ global capabilities and expertise in payment terminal, software and infrastructure security, UL can benefit customers throughout the payment card value chain.

A link to the press release can be found here.

 

PCI PTS Approved Devices now Accompanied by Images

Thursday 22nd December 2011

Starting January 6th 2012, reports submitted for the PCI PTS program must be accompanied by images of the device. These images will be displayed alongside the device information on the PCI public website. Reports submitted before that date will be unaffected by the change.

 

PCI SSC integrates PCI PIN into PTS

Thursday 3rd November 2011

PCI SSC has expanded their PTS program to now encompass the PCI PIN security requirements for the first time. The PCI PIN security requirements concentrate on process management and the management of cryptographic keys. Together PCI PTS and PCI PIN form a complete set of requirements for the secure management, processing and transmission of PIN data.
Previously PCI PIN was administered by Visa and MasterCard, with the last version known as PCI PIN v2.0 - this will be superseded by the PCI SSC version known as PCI PIN v1.0 (confusing, I know). As always, mandates are set by the card brands, and to date there is no mandate to use the newly released standard.

 

Register for PCI Standards Team presentation on PIN Transaction Security Program Updates: PTS 3.1 and PCI PIN Security Requirements 1.0

Monday 17th October 2011

The PCI Standards team will provide a detailed overview of the newest updates to the PIN Transaction Security (PTS) program, followed by a live Q&A session. The presentation will cover key changes to PTS requirements including:

  • Updates to PTS POI Requirements 3.1 that include two new approval classes for Secure Card Readers and Non-PIN Entry Devices
  • Extension of Secure Reading and Exchange of Data (SRED) and Open Protocol (OP) modules to version 2 devices
  • Explanation of how these changes can facilitate the secure deployment of P2PE technology and mobile payments
  • Overview of PCI PIN Security Requirements 1.0 and the use of these criteria for the protection of PIN data
  • Enhancements to HSM Security requirements

To register for the November 8 session, please visit here.
To register for the November 10 session, please visit here.

 

2011 PCI SSC PTS Presentation at Cartes 2011, Paris

Tuesday 15th November 2011

Are you heading to the 2011 Cartes Expo this November in Paris? Then join the PCI Security Standards Council's PIN Transaction Security (PTS) team on the morning of Tuesday, November 15th for an information session on the latest happenings in the PTS Program.
The first part of the Information Session (approximately 2 hours) will consist of a PCI-moderated technical working session. In this session, vendors will have the opportunity, in an informal setting, to discuss specific questions or interpretations in order to receive clarification or guidance on designs. This should enhance all participants' understanding of trends and concerns related to the marketplace and their impact upon compliance.
Following a short break, the second half of this year's session will consist of the Council discussing recent and upcoming changes impacting both Point-of-Interaction (POI) and Hardware Security Module (HSM) devices.
Registrations are now open here.

 

PCI PTS v3.1 released

Monday 10th October 2011

PCI SSC has released PCI PTS v3.1. Key features of this new version are facilities that enable the adoption of point-to-point encryption (P2PE) technology to support PCI DSS compliance. With the release of this new version, requirements have now expanded to include protection of account data on devices that do not accept PIN, increasing the scope of PTS to any card acceptance device. The press release from PCI is available here.

Witham Laboratories have compiled a presentation outlining what is new in v3.1; the presentation can be found here.
PCI PTS Lab are now able to test to this standard. Please contact Witham Laboratories if you would like further information.

 

PCI Council release ROC Reporting Instructions for PCI DSS v2.0

September 2011

PCI Council has made public the PCI DSS ROC (Report on Compliance) Reporting Instructions. The document details the level of rigour required by a QSA to find a PCI DSS Requirement 'in place'. It is a must-read for all entities undergoing PCI DSS validation by a QSA.
The latest version can be found here.

 

PCI Point-to-Point Encryption (P2PE) solution requirements released

Thursday 15th September 2011

PCI SSC has released the first set of validation requirements of its P2PE program. This new set of requirements allows implementation of PCI DSS compliant encryption solutions that can significantly reduce scope for merchants by implementing hardware systems for encryption and decryption. The new P2PE requirements open up a new potential for merchants and solution vendors.
The official PCI press release can be found here.

 

PCI Point to Point Encryption Seminar

Friday 28th October 2011

On 29th August of this year, the PCI Security Standards Council released a statement detailing their progress with a new standard on Point to Point encryption. The statement outlined the fact that a draft covering the validation requirements for this new standard will be released in September of this year, and that training for assessors, and listing of compliant solutions, will be provided during 2012.

The Point to Point Encryption (P2PE) standard will provide details on how to assess merchant environments where encryption is being used to reduce the scope of PCI DSS validation for the merchant's network and non-payment accepting systems. This provides an excellent opportunity, not only to merchants to reduce the cost of their annual PCI DSS validation, but also to payment gateways and acquirers who provide card present solutions to differentiate their offerings and gain new customers. The standard will bring together, for the first time, the various different PCI programs - PCI DSS, PA DSS, PCI PTS, and PCI PIN - to form a single holistic approach to card present data security.

Organised around the 3rd Annual PCI DSS Compliance Conference, be sure to book early and take advantage of the special 'early bird' discount of only $467.50AUD per person, until 30th September 2011. Standard attendance fee is $550AUD (inclusive of GST).

This course is offered by Witham Laboratories, and is not endorsed or sanctioned by PCI SSC. 

Click here for P2PE seminar brochure:
Brochure

Click here to register:
Register Now!
