More Strategies for Eliminating Cardholder Data

Greetings folks. My new article entitled “More Strategies for Eliminating Cardholder Data” has now been published on the VeriSign website. This is an expansion of my previous article, which primarily relied on hashing. Based on clarifications from the card associations, hashing is not a silver bullet (do you know of any that are?) and hashed data is still considered cardholder data. The real risk is that rainbow tables can be created if someone knows how the hash is created. Since the keyspace is so small, the rainbow table creation is rapid. This article expands on that, takes a more holistic approach to data elimination, and discusses many other strategies. It does not address the culture shift question that someone ...


Knowing Your Data Flows

Going to privacyrights.org will clue you into a large cause of data breaches: the stolen laptop. This type of incident is a repeated example of why knowing where data lives in your enterprise is so vital. When we are called into a customer for PCI consulting services, rarely do we see a holistic approach to understanding data flows. There are certainly experts who know their part, and 80% of the time they are right on. But they often lack an overarching perspective of the data flows, and are unaware of data flows that lie outside of their bailiwick. The level of documentation required for overarching visibility is considerable, but it is also extremely valuable. Imagine being able to see the entire ...


Visa Slows Compliance Acceleration Program’s Penalties

eWeek is reporting that Visa has announced it is relaxing the fine and fee deadline of September 30th. Essentially, what this means for non-compliant merchants is that the proposed interchange rate hikes are lessened to simply say that non-compliant merchants will not be eligible for the “best available” tiered interchange rates. However, non-compliant retailers are still facing costs potentially in the millions by not being able to qualify for lower rates during the ever important holiday shopping season.


PCI SSC Announces Milestone & German Translations

I know, I know… You guys JUST finished reading my previous post and now I’m posting something about PCI. The PCI-SSC released two items of note today. The first is that their participating organization program has surpassed 275 members. When you look at the list of members, there are some pretty impressive names up there! The first big summit is scheduled to be in September. In addition, the German translation of the PCI-DSS has been released. This brings the total translations to 6.
