The Un-Sexy Process of Vulnerability Management

This week I wrote a blog post over at AlienVault entitled, Internal Scanning for PCI Compliance—Not Sexy but Necessary. Many of us who work in security started our careers doing some kind of vulnerability chasing. It’s our version of firefighting. Look for a vulnerability, patch it, and repeat. As our environments grow, the fervor with which we perform this endless cycle builds until we realize that it’s ultimately unsustainable. That’s when we start looking to treat the cause rather than the symptom. Go check out the post and let me know what you think. Does IT hygiene end up being one of the root causes of vulnerability wildfires in our organizations? How do small businesses with little to no IT ...


Will EMV Drive Sales to Amazon?

Retail and financial networks have all but entered their 2015 holiday change freeze, and businesses big and small are gearing up for what will no doubt be an interesting holiday season. Does EMV chip dipping, which is not nearly as awesome as guacamole chip dipping, drive transaction times up and make lines longer for retailers? Do we see more physically abandoned shopping carts as more people turn to online retailers to effortlessly complete their transactions and get back to Netflix and chilling? Let’s focus on the transaction times for a moment. Retailers with inefficient implementations of EMV terminals may end up suffering from added labor costs. In order to keep people moving through their lines, more registers will need to be open, which means ...


Game Theory and Payment Security

For those of you who do not know, the Federal Reserve branches (the head ones for each district) all conduct and publish research and facts on their respective webpages. The Kansas City Fed is one of my favorite places to go to look for current (and historical) research that is relevant to our industry. Last month they released a summary from the 2015 International Payments Policy Conference which included a session on applying game theory to payment security. I’m fascinated by game theory. It’s an area of applied mathematics that even someone like me (who is NOT a math whiz) can grasp. The primary models they applied appear to focus on the EMV liability shift to examine payoffs and equilibria before and ...


Will Plastc Succeed where Coin Failed?

Facebook has some really interesting ways to position products in front of its users. Not one day after a few of us went on a Coin rant, I was presented with an advertisement for Plastc, a bigger and better version of Coin that includes an EMV chip. Early adopters of Coin had mixed results with the card itself, with some merchants refusing to accept it, and current users are struggling with the lack of chip support in the device. Here’s why Coin will gradually be rendered completely ineffective. Embedded in the magnetic stripe of your payment card is a collection of data that is submitted for payment when you swipe the card. One of the ...


The Cost of EMV Re-Issuance

It’s nearly November, and many of us in the payments space are still reeling from EMV. Nothing like waiting until the last minute to convert, right? One of the topics that has not been covered as much from a breach perspective is the consideration of the cost of re-issuance in a post-EMV world. Graves, Acquisti, and Christin (2014) published a working paper discussing some of the challenges that issuers face when it comes to the decision of re-issuance. Through their analysis they suggest investing in analytics to only re-issue when fraud losses begin occurring on lost cards. When a payment card is known to be included in a card dump from a breached merchant, issuers have a choice to make. Should they ...


October 2015 Roundup

What a month October was! From wrapping up one of my favorite seasonal global festivals to the final days of the State Fair of Texas to First Data’s IPO, there was a lot to take in. More flooding and destructive weather, this time in central Texas. The Central Texas Red Cross chapter is accepting donations and volunteers for those who wish to help. I also posted a fun discussion about loyalty and AirBnB/HomeAway. I’ve had a few responses to it so far, so I may end up doing a follow-up soon. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. OK, so I am still confused on why this is one ...


What AirBnB and HomeAway Need is Loyalty

Before we delve into the topic, you may have noticed me being somewhat absent the last few months. There was a reason for that. Now that the quiet period is over, I can write a little bit more. It’s been an interesting ride to see an IPO from this side. Expect lots more excitement to come! Now, that said, I had the opportunity to do the AirBnB thing a couple of times this year. This is a great model for taking advantage of excess housing supply and is turning out to be quite disruptive to the hospitality space. Like Uber and Lyft for taxi-like services, AirBnB is marrying up property owners with extra space with travelers who need a place to stay. My ...


September 2015 Roundup

Cooler weather and horrible flooding seem to be topping the news lately. My thoughts are with any of you who are affected. For information on how you can help, and I urge you all to do so, check out this page on Weather.com. We just wrapped up the PCI North American Community Meeting in Vancouver last week. Some of you may remember me saying that last year was my last year. Alas, I was mistaken. That said, I hope everyone who went sends in their feedback. Frankly, I found the content (with the exception of Tim Horton’s talk) mundane and rehashed, almost to the point of being insulting. Next year may provide some relief as it is a release ...


Samsung Pay is Here

The first major challenge to Apple Pay is now here (I’m not counting Google Wallet as it predates Apple Pay). While I hate the name (seriously Samsung? You accuse Apple of copying you all the time), there is a very cool technology (thanks, LoopPay) that allows for some backwards compatibility that is not present with Apple Pay. These features are part of the Samsung Galaxy S6 and S6 Edge. A couple of key highlights: There are two methods of payment, contactless EMV using Near Field Communication (NFC) and Magnetic Secure Transmission (MST). MST is backwards compatible with (most) existing terminals and transmits payment information by generating a magnetic field that the terminal’s stripe reader interprets as a swipe. As far as the ...
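Both the Coin excerpt above and this one turn on the same piece of plumbing: whatever a stripe emulator (Coin's programmable stripe, or Samsung Pay's MST field) sends, the terminal sees ordinary ISO/IEC 7813 Track 2 data, and the service code inside that data tells an EMV-capable terminal whether a chip should have been used. The following is an added example, not code from the blog or from Coin, LoopPay or Samsung; it parses a Track 2 string, checks the PAN with the Luhn algorithm and decodes the first service-code digit. The sample track is constructed from a well-known test PAN and is not real card data.

```python
"""Parse ISO/IEC 7813 Track 2 data as a terminal reads it from a magnetic
stripe or from a stripe emulator (Coin, Samsung Pay MST).

Added example; not code from the original post or from any product it names.
"""
import re

# Constructed sample, NOT real card data: start sentinel ';', 16-digit test
# PAN, field separator '=', expiry YYMM, 3-digit service code, discretionary
# data, end sentinel '?'. The LRC that follows '?' on a physical stripe is
# optional here.
SAMPLE_TRACK2 = ";4111111111111111=2512201123456789012?"

TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?(?P<lrc>.)?$"
)

# ISO/IEC 7813 service code, first digit -> (interchange rules, chip present).
# 2 and 6 mean "integrated circuit should be used where feasible": an
# EMV-capable terminal that reads one of these from a swipe is expected to
# ask for the chip and treat a bare swipe only as a fallback transaction.
SERVICE_CODE_POS1 = {
    "1": ("international", False),
    "2": ("international", True),
    "5": ("national", False),
    "6": ("national", True),
    "7": ("private/bilateral", False),
    "9": ("test", False),
}


def luhn_valid(pan: str) -> bool:
    """Return True if the PAN passes the Luhn (mod 10) check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(track: str) -> dict:
    """Split a Track 2 string into its fields and decode the service code.

    Raises ValueError when the sentinels or field layout are malformed.
    The PAN is returned masked (first six, last four) so the result can be
    logged without exposing cardholder data.
    """
    m = TRACK2_RE.match(track)
    if not m:
        raise ValueError("not well-formed Track 2 data")
    pan, exp, svc = m["pan"], m["exp"], m["svc"]
    interchange, chip = SERVICE_CODE_POS1.get(svc[0], ("unknown", False))
    return {
        "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
        "luhn_ok": luhn_valid(pan),
        "expiry": f"20{exp[:2]}-{exp[2:]}",
        "service_code": svc,
        "interchange": interchange,
        "chip_present": chip,
    }


def swipe_needs_chip_fallback(track: str) -> bool:
    """True when an EMV terminal should demand the chip instead of the swipe.

    This is the mechanism that bites a stripe-only emulator: if the cloned
    track advertises a chip (service code 2xx/6xx), the swipe is downgraded
    to a fallback and may be declined by the issuer.
    """
    return parse_track2(track)["chip_present"]


if __name__ == "__main__":
    print(parse_track2(SAMPLE_TRACK2))
    print("needs chip:", swipe_needs_chip_fallback(SAMPLE_TRACK2))
```

The same record fed through a stripe emulator and through a real card is indistinguishable to the reader; what changes the outcome is the terminal's policy once it decodes the service code, which is why a stripe-only device loses ground as EMV terminals roll out.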


On Self-Driving Cars

What could possibly disrupt the great wheeled livery disruptor Uber? Self-driving cars can certainly take a chunk of money away from them for those of us who have cars, but use Uber to take us around when we go out with friends. It won’t topple Uber like they have toppled taxis, but it will pull some share. Self-driving cars and other livery are the focus of much debate in a number of different circles. Unions, lawmakers, citizens, and technologists all have opinions on the viability of the technology. To be clear, I love the concept. I think the technology has a ton of promise, much like many other things that technology companies are contributing to the automotive industry. But much like other ...
