Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage PCI DSS Content on InfoQ


RSS Feed
  • Microsoft Releases Azure Payment HSM in Public Preview for the Payment Card Industry

    Recently, Microsoft announced the public preview of a bare-metal infrastructure as a service (IaaS) Azure Payment HSM that provides cryptographic key operations for real-time payment transactions in Azure. It uses the Thales payShield 10K payment HSMs, which delivers a suite of payment security functionality proven in critical environments.

  • Reconciling Kubernetes and PCI DSS for a Modern and Compliant Payment System

    Ana Calin, systems engineer at Paybase, gave an experience report at QCon London [slides PDF] on how the end-to-end payments service provider solution managed to achieve PCI DSS level 1 compliance (the highest) with 50+ Node.js microservices running on Google Cloud Kubernetes Engine (GKE), and using Terraform for infrastructure provisioning and Helm for service deployment.

  • DevOps Survival in the Highly Regulated Financial Industry

    Robert Scherrer, head of application engineering at SIX, on how the company leveraged DevOps principles and benefits in the highly regulated Swiss financial industry. Engaging with compliance auditors to collaboratively agree on solutions early before it's too costly to change and avoiding legacy internal directives (not actually required by external regulations) are the main takeaways.

  • S is for Security

    Frank Breedijk, security officer at Schuberg Philis, talks about the friction points between security and DevOps and how to collaborate to avoid them. Examples include automating security tests and environments, reducing scope of security audits to relevant system components only or allowing security fixes to jump the queue of changes to production.

  • New DMTF WorkGroup To Address Cloud Security Concerns Through Cloud Audit Standards

    Security concerns still remain the top inhibitor of cloud adoption and cloud audits will alleviate some of these concerns. DMTF instituted the Cloud Audit Data Federation Work Group (CADFWG) to define specifications which will empower organizations to audit cloud-based IT resources, regardless of their chosen cloud provider.