Tags Archives: Monthly Roundup

August 2011 Roundup

What was popular in August? I had some fun with Visa’s TIP program, and in fact, just made a final post on the topic (for now) yesterday. Merchants in the middle of technology upgrades have some decisions to make on what they deploy and how they choose to process payments. We also saw our first (that I have a record of) public revocation of a QSA’s status. Here are the five most popular posts from last month: PCI Council Revokes QSA Status (Finally?) It had to happen SOME time. With QSA popularity at an all-time low, it looks like the Council finally took action against a QSA. See the details here, including some instructions on what to do if ...


July 2011 Roundup

What was popular in July? It was an Apple friendly month with more iCloud discussions, Lion, replacing my iPhone, and polls about a stricter PCI DSS. We also saw some mobile payment applications make their way back onto the PA-DSS approved application list, and a flurry of discussion around social media, mostly centered on Google+. Here are the five most popular posts from last month: Security Tips for Non Techies. What is it that you do again? The truly brilliant among us can take our complex jobs and describe them to non-techies in words they understand. But how do you explain the WHY and HOW in simple terms? Don’t fret, DHS did it for you. Learn more here! Audience Participation: ...


June 2011 Roundup

What was popular in June? It was iCloud, PCI Council fun with mobile payments and the updated prioritized approach document, and an older post that surfaced in the top five again this month around the quality of QSAs. Here are the five most popular posts from last month: iCloud Security Questions. WWDC unveiled some pretty cool new things from the overlords at Apple, but one of the most interesting to me was the unveiling of the iCloud service. Check my thoughts on some of the security concerns that must be addressed before you consider wide adoption. Updated Prioritized Approach. You cannot cookie-cutter PCI DSS, but if you see it as a crazy daunting task and are at a loss when ...


May 2011 Roundup

What was popular in May? Poking fun at QSAs still showed up, and I’m working on some new ideas on the behaviors of QSAs for May. Hope to see you at EMC World! Here are the five most popular posts from last month: PCI DSS for the Small Office. Inspired by a reader (just email me your questions), I discuss how a small office should tackle PCI DSS. New PCI Board of Advisors Elected. Yep, looks like I get to contribute a bit! I’m now on the Board of Advisors representing RSA. Visa’s Chargeback Management Guidelines. Wondering how to deal with chargebacks? Check this document out for specific details on what you need to defend yourself (and more importantly, what ...


April 2011 Roundup

What was popular in April? Poking fun at QSAs still showed up, and I’m working on some new ideas on the behaviors of QSAs for May. Hope to see you at EMC World! Here are the five most popular posts from last month: How To Make A Mobile Payment App Comply With PCI DSS. I had this idea after the PCI Council stopped accepting mobile payment applications, but didn’t have time to put it together until now. It is possible to use a mobile payment application in a PCI Compliant environment! The Lack of Understanding in QSAs. Top five for two months! The statistics are getting interesting. Some reports suggest that HALF of the QSAs trained in 2010 were new ...


March 2011 Roundup

What was popular in March? This month was rather light as my travel schedule was a bit hectic. But I’m working on some great stuff for you this month! Here are the five most popular posts from last month: The Lack of Understanding in QSAs. The statistics are getting interesting. Some reports suggest that HALF of the QSAs trained in 2010 were new QSAs. I’m all about fresh blood, but at some point you might need some experienced folks, right? RIGHT? Bueller? I Don’t Need to Know, I Can Look it Up. Sure, storage is cheap nowadays, but why do we insist on keeping every single piece of data that our business comes across on any given day? Is that ...


February 2011 Roundup

What was popular in February? This month I concluded my new piece, The Seven Deadly Sins of a QSA! You can download it below. We also had the 20th Annual RSA Conference in San Francisco this year. It was probably the best RSA Conference I have attended since I started working the show five years ago. Here are the five most popular posts from last month: Visa Allows Non-US EMV Merchants to forego PCI Assessments. This was an interesting move by Visa. Essentially, Visa has given merchants a way to avoid the annual assessment process if they meet four criteria. Check out this article to see if you can qualify! Keep in mind, if you accept other non-Visa branded payment ...


January 2011 Roundup

What was popular in January? This month (and through February) I am posting my new piece, The Seven Deadly Sins of a QSA. The first draft was very long, but the final piece is around 6,700 words (and too hot for TV). I hope you guys enjoy this! Here are the five most popular posts from last month: Seven Deadly Sins of a QSA Series. This took the first and third through fifth slots this month. Stay tuned as I keep posting this series! At the end, I will have a PDF version for download with all of the content included. PCI DSS 2.0 Release and Review. For the FOURTH month in a row, this post appeared in the top ...


December 2010 Roundup

What was popular in December? I was a little bit slow with the posts this month, but I made up for it with two Five Things lists for ya! December is traditionally a slow month for some, and for vendors like me, it was chaotic. We introduced some new services at EMC and still have been reeling from the PCI v2.0 release. Here are the five most popular posts from last month: PCI DSS 2.0 Release and Review. For the THIRD month in a row, this post took the number 1 spot. This release is two years in the making, and the next one is due in thirty-four months. I threw together a few notes along with links to the ...


November 2010 Roundup

What was popular in November? It was all about PCI 2.0 in November, I cooked for #BSidesDFW (check out my apron), and we discussed mixed-mode virtualization with respect to PCI DSS! Look for some fun PCI stuff this month as well! Here are the five most popular posts from last month: PCI DSS 2.0 Release and Review. For the second month in a row, this post took the number 1 spot. This one is two years in the making, and the next one won’t happen for three more years. I threw together a few notes along with links to the document. Scoping Fun with PCI DSS 2.0. How do you know what you need to do for PCI DSS unless ...
