Tags Archivesservice provider

MasterCard Service Provider Registration Explained standard

MasterCard released (or re-released) a guide on how to become a registered and approved Member Service Provider (MSP) as a requirement to be listed as a compliant MasterCard Service Provider. The PDF linked above has a detailed process for completing this, including two major tasks spread out over several days. The first step is to apply for and receive your user ID under the MasterCard Registration Program. After you complete the six step process outlined in the PDF, you take a week vacation (or just wait five to seven business days). Once you get your ID, just run through the second set of five steps (though that last one is a doozy) and take another short vacation (or again, wait ...

Continue Reading

Do you know your IT? standard

This post is mostly going to apply to smaller companies as I would HOPE (tongue in cheek a bit here) that larger merchants wouldn’t have this problem. Small- and Medium-sized businesses (SMBs) have more advanced software tools available to them today than ever before. Cloud-based solutions allow for multi-million dollar software packages to be available to SMBs at affordable monthly subscription prices. This level of business analytics, automation, and intelligence can make a big difference in how a business competes.  What once would take dedicated headcount can now be automated and scaled. But with great power, comes great responsibility. SMBs that entrust their business or data to these third parties must invest time and effort to understand not only what ...

Continue Reading

Do Small Service Providers Scare You? standard

Take PCI off the table for a minute. Do you get nervous when dealing with a small service provider that performs some niche service for your company?  It doesn’t have to be cardholder data related, but it definitely needs to be some kind of data that is either regulated or is classified as something other than public—data like PII, healthcare, or even intellectual property. Smaller providers can sometimes provide higher or better security than larger ones, and that may be beneficial long term—especially when doing the value proposition. But in some cases, smaller providers are providing a niche service to a larger customer, and are operating on a skeleton crew.  Imagine if a company like Ford Motor Company selected Brando’s ...

Continue Reading

Another Security by Obscurity FAIL standard

I was doing some technical testing for a friend of mine the other day1, let’s call him George, and came across yet another bad example (or a good one) on security by obscurity failing miserably. George just set up his first online service portal for his customer base.  He’s running a Pro Shop for a small, independent country club, and is trying to cut back on costs.  He decided to invest in a simple online tee-time reservation system, and move all of his reservations there.  He went to a managed service (that he probably found via the same method in the footnote below) to handle this for him, and they fired up a small blade with a basic Linux installation.  ...

Continue Reading

Does PTS Apply to ATMs? standard

I’m writing (but not publishing…. Come on folks, it’s 2009…) this from 35,000 feet, somewhere over  the north Atlantic, east of Iceland.  What else am I going to do while sitting in a big, metal recycled air tube hurtling over the surface at speeds never meant for man?  Think and write about security, of course! I’m heading back state-side after a great PCI Europe community meeting.  I didn’t get the final count, but the meeting had just north of 200 attendees.  It seemed smaller than last year, but that could have been the seating arrangement.  One of my favorite sessions is always the PCI Standards Feedback and Q&A Sessions.  This year was no different! While the questions in the US ...

Continue Reading

Visa Makes Registration Easier! standard

Are you a service provider frustrated with the steps you have to go through to become listed on Visa’s global list of PCI DSS validated service providers?  The process of getting listed when you are not a member or a direct agent of a member seems clouded and painful, until now! Visa recently added a very detailed Third-Party Agent (TPA) section to the Risk Management section of their website that details exactly what needs to be done to be listed on the site.  If that were not enough, there is a fantastic FAQ in PDF form that you can take with you wherever you go. As part of this change, Visa eliminated all of the old classifications like Independent Sales ...

Continue Reading

This is a unique website which will require a more modern browser to work!

Please upgrade today!