Monthly Archives: May 2011

New PCI Board of Advisors Elected

The PCI Security Standards Council announced on Friday the new PCI Board of Advisors for 2011 and 2012. There are some familiar names on the list as some of these companies are in their third term on the board, and there are some new faces, namely RSA, the Security Division of EMC. I am the representative from RSA that will be participating on behalf of the company. This is something I am looking forward to, and for those of you that voted for RSA and me, I am grateful! I hope that I can live up to your expectations. In that note, if there are things you are interested in having me take to the board, I would be happy ...


Visa’s Chargeback Management Guidelines

Visa released an interesting PDF yesterday entitled Chargeback Management Guidelines for Visa Merchants. Don’t be turned off by the stereotypical graphic on the front page, there is some good stuff in there for ALL parties involved, not just Merchants. QSAs should read this document to provide a better service to their customers if for nothing else than to see practices from a Non-US centric view. The document starts out with a great review of how payment systems work from the initial presentation of the payment instrument to a monthly bill showing up at the cardholder’s door. Granted, this is a document from Visa, so it has Visa branding and marketing all over this thing, but GENERALLY the process is similar ...


PCI DSS for the Small Office

Before I jump into this topic, have I told you lately that I LOVE reader email? REALLY love it. Why? Because it gives me ideas on content to bring to you! If you have a question or idea for a post, please contact me! Now, on to the goods. A reader asked me about compliance in a small medical office situation. How should someone approach it? You probably got a letter from someone with a Self-Assessment Questionnaire, and you are unsure what to do! Here are a few things to consider: What Level Merchant are you? If you are a level 4, you do not have any mandatory reporting requirements per Visa, MasterCard, and Discover, but your processor or acquirer ...


Wait, we did something right?

Where have I been? Certainly not here! I’ve been on a little bit of travel to Asia and Australia and spending time with security professionals both inside and outside my company. I also tried the Tim Tam Slam for the first time, and videoed it. Enjoy. In my travels over the last two weeks, I am learning that the security market here tends to be more focused on shiny tools than security process. Someone even made a statement about the maturity of the US around information security and how much more mature it is than what they are dealing with. I was a little shocked, actually. It’s pretty rare that you hear that kind of praise outside of the US. ...


April 2011 Roundup

What was popular in April? Poking fun at QSAs still showed up, and I’m working on some new ideas on the behaviors of QSAs for May. Hope to see you at EMC World! Here are the five most popular posts from last month: How To Make A Mobile Payment App Comply With PCI DSS. I had this idea after the PCI Council stopped accepting mobile payment applications, but didn’t have time to put it together until now. It is possible to use a mobile payment application in a PCI Compliant environment! The Lack of Understanding in QSAs. Top five for two months! The statistics are getting interesting. Some reports suggest that HALF of the QSAs trained in 2010 were new ...
