Branden R. Williams, Business Security Specialist

November 2014 Roundup standard

November was a light month around here, and for good reason. I touched three continents and we took the kids to Disney. Then came the holidays and there was just too much going on to blog! That said, the show must go on! The latest edition of our book finally hit the shelves. Thanks for sending pictures of you with your new books! If you need to order your copy, head over to the website at www.pcicompliancebook.info. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. The economy is humming along quite nicely. How do we know? Because people are getting poor customer service and reading posts like this one. Is ...

Still Confusion in the Ranks standard

Just a short one for you guys today. Go take a look at the diss-fest happening in the public eye here between a couple of prominent organizations around policy making for electronic payments. Credit Union National Association talking points for some of the pains around breaches. NACS rebuttal and fact checking. Even the big guys get confused sometimes. It’s a complex world out there. Possibly Related Posts: pgMail 1.5 Released! Let’s Encrypt for non-webservers When Man Pages Go Weird Aviation Apps I Use Sellers Buying 5-Star Amazon Reviews

CurrentC, Off to a Rough Start standard

Last week we saw a flurry of announcements around CurrentC, a merchant-driven alternative payment scheme that is designed to cut the costs from electronic payment processing. Sure, they didn’t demonstrate a great approach to security with the notification of their breach last week, but no payment information was put at risk. CurrentC is designed to work in a similar manner as Apple Pay (enabled by a smartphone), but it platform independent and works using QR-codes to transact business. Essentially, any merchant with a scanner that can read a QR-code would theoretically be able to accept this form of payment. That brings in grocery stores and big-box retail for sure as most use some kind of scanning technology to assist in ...

October 2014 Roundup standard

October is one of my favorite months of the year. The leaves are turning, the heat subsides, we spend more time outside, and of course, Pumpkin EVERYTHING. Last month was the ETA Leadership Forum, PCI Berlin, and the DevOps Enterprise show. Apple Pay is here! Ironically enough, I’ve only been able to use it once, and it didn’t work. One thing I do like is the push alerts for my Amex. I’m hoping to have more on Apple Pay in the coming weeks, and look for a critical assessment of CurrentC (MCX) this week. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. The economy is humming along quite nicely. How ...

Guest Post: Digital Fingerprinting—Do You Know Who You’re Doing Business With? standard

The following is a guest post by Frank Stornello of Verifi. Online fraudsters benefit from the anonymity of a virtual medium. They can invent and reinvent who they are on any given day. And they do. They can change email addresses or IP addresses in just a few clicks. But it’s a little more expensive and time consuming to change the hardware that they’re using to make a purchase—the PC, laptop or smartphone. That’s why “digital fingerprinting” or “device fingerprinting” has become a popular means for fraud prevention. Just as good old-fashioned fingerprinting has been used for over a century to identify criminals and thwart crime, digital fingerprinting can do the same by identifying the fraudsters’ tools, if not the ...

The Role of Evidence-Based Management standard

Evidence-Based Management (EBMgt) is a topic growing in popularity in both the academic and professional worlds for a number of reasons. We’ve never had access to the volume of data that we do today coupled with the processing power available to make sense of it. In addition, we’ve learned that while hunches give us a gut feel we are comfortable with, we like to confirm it with data (which can be challenging when coping with Confirmation Bias). One of the bigger lessons you learn when you continue past a Masters degree is that your opinion doesn’t matter. Everything you write about should be evidence based. Synthesis is great and a critical step in Bloom’s Taxonomy—meaning it is just fine to ...

There Are No Unicorns standard

Those of you in the DevOps community know exactly who I am talking about when I use the term Unicorn. Amazon, Netflix, and Disney all come to mind. After two days here at the DevOps Enterprise Summit, we shouldn’t be using the term unicorn at all to describe these high-performing IT organizations. If we have to choose four-legged animal, they are more like a thoroughbred than a unicorn. Here’s why. When trying to strategically position a firm in the marketplace, scholars like to use Resource-Based Theory (sometimes called the Resource-Based View of the Firm), largely popularized in recent literature by Jay Barney. His seminal paper in 1991 is frequently cited when trying to understand why one firm has competitive advantage ...

Apple Pay is Here, First Notes standard

12:01 hits and I hit my Software Update menu item to see if I can snag me some Apple Pay, and BAM! There it is! 20 minutes later, I am ready to go with iOS 8.1. Here are a few notes for those of you who may be using it as well. Apple Pay is a part of Passbook, and acts like any other Passbook integration. You can open Passbook and add ONE card, but any additional cards must be added under Settings -> Passbook & Apple Pay. For each card that is enrolled, you may be asked to validate your identity. Make sure that your banks have current email addresses and phone numbers for you. They will send you ...

Facelift Friday! standard

For those of you who have not noticed yet, the website has gotten a much needed update! For those of you who have been around here for a while, you will remember that the last time I did something was in 2009, right before the 2nd edition of the book published (4th edition coming soon!). Quite a bit has happened since then, including new design styles and ways to present information. I contacted Spellbrand to help put a fresh look on things! All of the old information is still here, it’s just presented a bit differently. You will also notice that I will be updating my Herding Cats column as well as I got out of habit of doing this ...

Enable 2-Factor Everywhere standard

Dropbox is the latest victim to announce that a third party (Snapchat was last week) integration caused a ton of their usernames and passwords to be leaked on Pastebin. At this point, most of our super-useful cloud services (Evernote, Twitter, Facebook, Google, and Dropbox to name a few) all have the ability to turn on some kind of stepped-up authentication. Some of these use Google Authenticator, which couldn’t be any easier to use than it already is (probably). So after you go change your Dropbox password (to something unique, not used on any other website), take a few moments to step up your authentication with 2-factor authentication. It will only take you a few minutes, and it will provide much ...