Monthly Archives: November 2007

Why the NRF is dead wrong

According to an interview on 60 Minutes, the National Retail Federation’s position (says Dave Hogan, NRF’s CIO) is that the Card Associations are at fault for credit card fraud because the card associations require retailers to store consumers’ CC data. I can’t believe how wrong these guys are and that they are taking the national spotlight to try and scare consumers into believing this lie. He also says he is not sure how vested the credit card companies are in securing customer data. The funny thing is the whole PCI Standard “thing” came BECAUSE the card associations are interested in securing customer data, not the other way around. And the notion of fines being a revenue stream is absurd. Look ...


What will you buy?

With numerous retailers putting offers both online and in the store, how many of you are making the rush? Maybe because I can remember hitting the mall VERY EARLY in the morning on Black Friday as a kiddo, I have never taken part in this. We also have family things going on that day, so it makes it a little bit harder. My advice to retailers: watch out. As we saw back in July, cards stolen in the TJX breach this year could likely be used on the busiest day of the year. Many years ago, I worked retail and learned to dread the day after Thanksgiving. Even at our busiest times, you could at least walk through the store ...


Back in this side of the world!

Just got back from London (and I feel fantastic!), and they are really taking an interest in PCI. I found it very interesting that many of the Big 4 are still heavily involved in providing advice about PCI even though they are not Qualified Security Assessment Companies. The funny thing is that the UK seems to be where the US was about three years ago. Still in the discovery phase, and not a ton of C-level attention yet. Until Visa, Inc. puts something like the Compliance Acceleration Program in place over there, it will likely have a very slow adoption rate. Hopefully Visa will give people at least 24 months notice, and the banks will over-communicate with their merchants so ...


PCI News Flash! Visa releases new Payment Application Mandates!

Yep, more PCI posts. Visa has just released their new Payment Application Security Mandates, which give a new timeline for merchants to use PABP (or now PA-DSS) validated payment applications. If you are using a third party application and it is not validated by July 1, 2010, you will likely be subject to fines by your acquirer. There are other items leading up to that, but this is the big one for most merchants.


PCI News Flash! PA-DSS a REALITY!

We’ve all heard speculation, and even speeches where we were told this was coming, but it is now finally one step closer to reality. Today, the PCI Security Standards Council announced the Payment Application Data Security Standard, and its intention to release the new standard by Q1 of 2008. Unfortunately, to my knowledge the PA-DSS is not quite out of draft form yet, and is still sitting with the Members. Once it is clear of that review process, I hope that QSAs will be given an advance copy like we were of the proposed questionnaire. While we are prohibited from sharing the documents with our customers, we can speak to their makeup and how it might affect them. Stay ...

