Monthly Archives: March 2015

Verizon Report should be a Wake Up Call for the PCI SSC

Verizon recently released their annual state of PCI Compliance Report, which attempts to give a snapshot of current issues in the space as well as trending data over previous years. To summarize the report, the state of PCI Compliance is “not good.” It’s now 2015, more than 10 years after the first release of the standard, and we continue to struggle with compliance rates. In a Computer Weekly article, the GM of the Council says that it is a “wake-up call for every business that cares about payment security.” Respectfully, I think that the results in this report should be a wake-up call for the Council. These findings combined with lower than expected compliance rates and continued breaches (none of which came from compliant merchants) ...

Banks & Merchants are not ready for EMV

EMV, or that fancy chip thingie that many of you are starting to see in your banking cards here in the US, is an anti-fraud technology released in the 90s with global adoption. US markets are finally taking steps to encourage adoption here, and for the most part, nobody is ready. There is a key date coming up in October of this year. Essentially, merchants who have invested in EMV terminals that are capable of processing a transaction (meaning, the EMV slot can’t just be for show) will benefit from protections if counterfeit cards are used at their location. If they don’t, they are unable to seek relief for chargebacks coming from fraudulent charge reports. It’s the carrot method for ...

Updates to the Definition of Cardholder Data Post

I wrote a post in 2009 that is now the all-time, third most popular post on this blog entitled, The Definition of Cardholder Data. I wrote it after leaving the 2009 PCI Community Meeting where there was more bickering and positioning on what constitutes cardholder data than I had ever seen. My experiences there prompted the post, and I figured it was time to go back and revisit it for PCI DSS 3.0. Go check out the updates and see if it is any more helpful! On a side note, I have formally accepted a new, exciting position with an amazing company. More on that in the coming weeks!

February 2015 Roundup

How much snow do you have? Can it be measured in feet or inches? February kept piling it on for many of you, and it even affected the kids here in Texas! Snow days! Don’t forget, the latest edition of our book finally hit the shelves. Thanks for sending pictures of you with your new books! If you need to order your copy, head over to the website at www.pcicompliancebook.info. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. It’s the holidays, and possibly the time when we encounter trouble with transactions the most. Thus, more people inquiring about customer service! Check out this diversion from security that will make you ...
