Monthly ArchivesApril 2008

Are we ever safe? standard

The Register is reporting that McAfee’s “Hacker Safe” sites are not so much. In the security industry, we typically refrain from saying things are 100% secure, simply because the only 100% secure computer is the one that does not exist. Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps Down Two reports, many questions The Beginning of the End, No PCI DSS 4.0 in 2016 We Should Question Bold Claims that PCI Is “Highly Effective”

Continue Reading

On my way to CSI-SX! standard

Bout to go board my jet-fueled chariot right now. If you are going, look me up on Twitter! I’m planning on taking a cab to the hotel, checking in, and seeing if any conference goings on are… going on. See you there! Possibly Related Posts: Top Posts from 2015 October 2015 Roundup September 2015 Roundup August 2015 Roundup June-July 2015 Roundup

Continue Reading

Tee Hee – Eee Pee Cee standard

GloboTV (via Gizmodo) has a story (in Brazilian Portuguese) about some crooks that used the Eee PC to steal customer’s debit information at ATMs. Tee Hee. Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps Down Two reports, many questions The Beginning of the End, No PCI DSS 4.0 in 2016 We Should Question Bold Claims that PCI Is “Highly Effective”

Continue Reading

Busy Week in PCI Land standard

I’m going to aggregate several PCI related things here in one post as it has been a busy week in PCI Land! I have other things I want to write about, so stay tuned for more stuff later today and throughout the week. First off, the Council has released the Payment Application Data Security Standard (PA-DSS). This replaces Visa’s Payment Application Best Practices program, and your Point Of Sale application should comply by July 2010, or your customers may not be able to accept Visa cards! Nothing we did not already know, but it is now finally released. Next, the Council also released clarifications on Requirements 6.6 and 11.3 (apparently a very hotly debated topic in a recent QSA Requalification ...

Continue Reading

Dave Taylor gets it right! standard

Please don’t take the title to mean that Dave doesn’t get it right often, I just wanted to laud this recent column at StoreFront BackTalk. The quote specifically that drives the nail home is: If you’re thinking that the Hannaford security breach is a very isolated “blip” and that PCI compliance is the same as securing the enterprise against security breaches, you’d better think again. Why? It’s not uncommon for merchants to turn on security controls shortly before an audit, and turn them off afterward. Could not have said it better myself, Dave. The two points he brings out are, 1) Compliance is not the same as security, and 2) you have to MAINTAIN what is assessed. I had a ...

Continue Reading

Herding Cats, April 2008 is out! standard

If you are not a member if the ISSA, click here to go sign up! I am a monthly columnist in the ISSA Journal–the publication for the association. This month I tell you how you can learn something from the Department of Homeland Security and Ron “Tater Salad” White. Possibly Related Posts: Equifax is only half the problem, your SSN needs a redesign! Orfei Steps Down Two reports, many questions The Beginning of the End, No PCI DSS 4.0 in 2016 We Should Question Bold Claims that PCI Is “Highly Effective”

Continue Reading

Phillip Hallam-Baker adds to the fire! standard

Phillip Hallam-Baker commented recently on my post about the NRF, but specifically added to the chip and pin point. Thanks Phillip! Possibly Related Posts: PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization? Is All Good News REALLY Good News?

Continue Reading

Thanks OpenTravel Advisory Forum! standard

While others at VeriSign are headed to ETA, I took the opportunity to speak about PCI to the OpenTravel Advisory Forum in Atlanta today. A shout out to an excellent group of individuals that are in one of the more difficult industries with respect to PCI (the other being Fuel Dispensing). Thanks for the hospitality! Possibly Related Posts: PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization? Is All Good News REALLY Good News?

Continue Reading

News Flash: PCI-SSC Releases the PA-DSS! standard

It appears that the PCI-SSC has finally released the new Payment Application Data Security Standard! You can read all about it here. Possibly Related Posts: PCI Council Loses $600K in Revenue, PO Population on the Decline Why PCI DSS 4.0 Needs to be a Complete Rewrite Orfei Steps Down Should you be a PCI Participating Organization? Is All Good News REALLY Good News?

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!