Monthly Archives: December 2008

BUSTED! Why passing the blame for a PCI Breach will fail.

After the year we had in 2007 with PCI related breaches, who would have thought that 2008 would give us more? I mean, after last year, who would have thought that we would see another major breach given the “lessons” we learned? Um, I did. Fo-sho. Why? Because early in my career I learned that most executives don’t care about problems until they hit close to home. Like right under their nose. We’ve seen two instances this year of companies that had validated compliance with a QSA, but were subsequently breached. Without specifically commenting on either of these cases, we have never conducted an investigation of a compromised entity and learned that they were compliant at the time of the ...


Your Doctor does not take Security Seriously

Probably. Well, at least one of mine doesn’t. Let me take you through the scene I lived as I completed a routine checkup at my doctor’s office last week. After arriving and being called back, they did the standard how tall are you (thankfully, I have not shrunk), how much do you weigh (PRE-thanksgiving, thanks!), do you have a pulse, and is your blood pressure somewhere in between dead and explodingly high. Yep, I said it. Explodingly. It’s a smashup between a gerund and an adverb. An “adverunderb.” So after all the basic stuff, we sit down and review my medical history as they have it, including any surgeries or medications I have been on prior to my visit. As ...


PA-DSS Validated Applications Published

The transition of PABP to PA-DSS looks more complete every day. In the last 24 hours, the PCI Council has posted their validated application list. Many of these applications were grandfathered under various versions of PABP and will have to be reviewed under PA-DSS in the next one to two years. As of today, 85 payment applications are listed from 55 vendors.
