Categories ArchivesDiversions

Is All Good News REALLY Good News? standard

Have you noticed that there has not been too much (well, really any) bad press around the PCI ecosystem lately? Perhaps everything is great! Doesn’t seem like we’ve had the same string of retail breaches that we saw in 2014 (which lead to this piece of research), even though 2016 was bad (good?) in general for cybercrime. A quick data dump from PrivacyRights.org says there are around 100 related to cards since 2016, but some appear to be duplicates (Wendy’s is reported multiple times). Of course, we found out about more problems at IHG last week. Seems like big security bloggers still talk about breaches, but we don’t see the same questions around PCI DSS that we did in 2014-2015. Individuals certified or ...

Continue Reading

The PCI Council’s Revenue Generation Capability standard

The other day I was thinking about all the programs that the Council currently maintains and I wondered if it was possible to see how much money the Council actually brings in every year. I mean, every year seems to see more programs with more fee collection opportunities for the Council, but had anyone ever added all that up? So I got to researching. I started with the usual sources: LexisNexis, Hoovers, Dun & Bradstreet, and found very little information. Only one report by Dun & Bradstreet, who is notoriously inaccurate when dealing with privately held firms, of around $3.7M in 2016. Then I headed over to the IRS’s website to see if the Council had ever filed a form ...

Continue Reading

PCI Compliance, Version 3.2 Now Available! standard

Well folks, it’s finally here. What started as an experiment back in April has finally come to fruition. I’m happy to announce that PCI Compliance, Version 3.2 is NOW AVAILABLE! If you order via the CreateSpace bookstore, please use coupon code 4JRH748R for $2 off through the RSA Conference. You can also order it via Amazon here. For those who want to get the e-Book, it will be available in Kindle format by February 15 (same link as above). As always, huge thank you to all of you out there who keep the conversation going!

Continue Reading

Conference Wrap-Up, 2016 standard

As we get ready to close out 2016, there have been quite a few events I have neglected to post here. I know I owe a larger update and more tools soon, but here’s one in the meantime to recap October and November. For this post, I’m taking a cue from Bill Brenner and supplying some mood music. My mood music is a little more fun than his is, though. October and November was a busy month for speaking and writing. Here’s a quick recap. Ever wonder why it might be a good idea to segment your home network? All those smart devices have to connect somewhere. I wrote an article for Tactics and Preparedness that discusses some of these issues ...

Continue Reading

My Tea Journey, so far! standard

Many years ago, I started a long journey into the world of tea. I still consider myself a n00b, but a no0b who knows what he likes and is not afraid to try something new. A friend of mine was asking about my tea obsession so I ended up putting together this long email that represents my current thinking around the leaf. After spending all that time, I figured I’d post it here, and possibly update it over time. So, with that, here’s an excerpt of the things I love about tea. Sourcing: I am all over the place with respect to tea sourcing. I am on the constant lookout for quality teas of many varieties and processing methods. What ...

Continue Reading

Just wait, Millennials… Gen-Z is coming. standard

I was at a panel discussion with a large group of Dallas-based executives last Friday when a panelist mentioned a term that many of us cringe at: Millennials. I’m one of those kiddos that is nearly straddling two generations (Gen-X and Gen-Y/Millennials), and identify with both generations as a technologist. Many of my peers that are in Gen-X are not nearly as technically savvy as those of us on the younger side of the generation, but the technology uptake of generation X is not the discussion. Millennials show up all over the place. If you ignore history, you would assume that Millennials present the GREATEST RISK to America’s survival in a competitive world. Don’t believe me? Take a look at ...

Continue Reading

Affective Forecasting Strikes Again! standard

Oh yes, that’s a real thing even if YOUR browser thinks “affective” is not a word and shames it with a red squiggly. Affective forecasting is the act of predicting an emotional reaction to some hypothetical future event. We use it frequently. Have you ever filled out a survey that asked you how likely you would be to refer a friend to some company? That’s affective forecasting. Affective forecasting has great uses, but it has serious drawbacks. In my research on the Consumer’s Attitudes Toward Breaches, we learned that nearly every survey related to the study of breached merchants was flawed. In fact, when you ask someone how they will react to a hypothetical event, societal norms will kick in ...

Continue Reading

Need help with Social, try an Audit! standard

As I was thinking about a quick topic for this Thursday post, I came across an article about using social media in your business. Virtually every information security vendor leverages social media in some form or fashion. Twitter and blogging appear to be the most popular from my perspective, but are we really taking advantage of all that social has to offer? Keith Quesenberry wrote a fantastic post that discusses how to treat social media like a journalist, and even gives readers a tool for conducting their own social media audit. If I’m still showing up on the radar of a certain PR firm that represents a certain global industry group, this might be one that you put in front of ...

Continue Reading

Will Plastc Succeed where Coin Failed? standard

Facebook has some really interesting ways to position products in front of its users. Not one day after a few of us went on a Coin rant I was presented an advertisement for Plastc, a bigger and better version of Coin that includes an EMV Chip. Early adopters of Coin had mixed results with the card itself with some merchants refusing to accept it, and current users are struggling with the lack of chip support in the device. Here’s why Coin will slowly be phased out in a way to be completely ineffective. Embedded in the magnetic stripe of your payment card is a collection of data that is submitted for payment when you swipe the card. One of the ...

Continue Reading

What AirBnB and HomeAway Need is Loyalty standard

Before we delve into the topic, you may have noticed me being somewhat absent the last few months. There was a reason for that. Now that the quiet period is over, I can write a little bit more. It’s been an interesting ride to see an IPO from this side. Expect lots more excitement to come! Now, that said, I had the opportunity to do the AirBnB thing a couple of times this year. This is a great model for taking advantage of excess housing supply and is turning out to be quite disruptive to the hospitality space. Like Uber and Lyft for taxi-like services, AirBnB is marrying up property owners with extra space with travelers who need a place to stay. My ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!