Monthly Archives: October 2007

ISSA features “Strategies for Eliminating Cardholder Data”

Have you got your ISSA Journal for October in the mail yet? If not, click on over to their website and you will see that they featured my article!


Visa Updates Compliance Rates

A Visa informational release Friday revealed that 65% of Level 1 merchants have now validated their PCI compliance. This is really no big surprise based on the acceleration program (CAP) that was put into place in December of last year. The message to the remaining 35% is pretty clear. You are now in the minority. While I am sure those merchants affected by PCI are well aware of their compliance programs, this may be that final driver to get top level buy in so that projects are appropriately funded and tracked. Most companies we work with have plans, but no support. Let’s go to compliance!


Missing fake bombs?

USA Today published a rather comical headline last week about airport security and security screening — Most fake bombs missed by screeners. FAKE bombs. Wouldn’t you want to let FAKE bomb parts pass through and catch the ACTUAL bomb parts? I’m not sure what this study shows. Does it show that the TSA is doing their job well? Hard to say. I think it would be interesting if they redid the study (with some kind of get out of jail free card) with ACTUAL bomb parts. I can only hope that they would be stopped.


Is PCI really that hard?

The card associations are sternly scolding non-compliant merchants this year, and the attention around PCI related issues has never been greater. Why is it so hard to comply? Surely merchants have some level of security around their customer data, otherwise there would be a compromise every week. Is it technology? Is it cost? Or is it just a lack of motivation from the top down to wrap up these compliance projects? This year, we released a paper that reviewed 60 Reports On Compliance from 50 of our customers over a 15 month period. What surprised us was that what we perceived as one of the easiest requirements to meet–PCI Req 11.2, perform quarterly scans internally & externally–was the TOP failure! ...


Visa Clarifies Scanning Requirements for Level 1-3 Merchants

In a website posting yesterday, Visa clarified on their Merchants page the requirements around quarterly network scans. From their site…. The Quarterly Network Security Scan is an automated tool that checks systems for vulnerabilities. It conducts a non-intrusive scan to remotely review networks and Web applications based in the externally-facing Internet Protocol (IP) address provided by the merchant. Acquirers are responsible for ensuring that the quarterly network security scans required of their levels 1, 2, and 3 merchants are performed by an Approved Scanning Vendor. The Quarterly Network Security Scan is applicable to merchants with externally-facing IP addresses as specified by their acquirer. Quarterly Network Security Scans are not required of merchants that do not have externally-facing IP addresses. We’ve ...
