Branden R. Williams, Business Security Specialist

May 2015 Roundup standard

It finally happened last month. In May, North Texas set a record for being the wettest may on record. For those of you who have been watching from afar, check out this great infographic that shows how much 35 trillion gallons of water will cover. In other news, we had a major breach that is having bigger impacts than many realize, we are seeing the first reports and fall-out from PCI DSS 3.1, and key provisions of the Patriot Act expired. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the economy is heating up? Who knows why this one is still at the top. Regardless, more people inquiring about ...

Why the Adult Friend Finder Breach Should Concern You standard

Check out this great post by Dave Lewis over at CSO who reports on one of those face-palm realizations that many folks are having today. Adult Friend Finder is a social hookup site that fell victim to a breach with all kinds of data on its members now disclosed to the public. Why is that a big deal? Because an alarming number of users on that site signed up for the service using their corporate email accounts. HR nightmare aside, there is a ton of really great information now available to an attacker. If you use the service, you may have your own issues with your intimate details and preferences being publicly available. As a corporate CISO, you need to ...

March-April 2015 Roundup standard

Shush it. I know it’s been a little slow around here. There are some major things in the works! I started a new gig, for one, which is consuming the bulk of my time. I’m also working on a 3.1 addendum to our book, which should be out by the summer. March and April were some busy months for many of us. Three major shows (MAC, ETA, and RSA Conference) all happened in those months. PCI DSS 3.1 was released. You paid your taxes (hopefully). Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. Maybe the economy is heating up? Who knows why this one is still at the top. Regardless, ...

Verizon Report should be a Wake Up Call for the PCI SSC standard

Verizon recently released their annual state of PCI Compliance Report, which attempts to give a snapshot of current issues in the space as well as trending data over previous years. To summarize the report, the state of PCI Compliance is “not good.” It’s now 2015, more than 10 years after the first release of the standard, and we continue to struggle with compliance rates. In a Computer Weekly article, the GM of the Council says that “wake-up call for every business that cares about payment security.” Respectfully, I think that the results in this report should be a wake-up call for the Council. These findings combined with lower than expected compliance rates and continued breaches (none of which came from compliant merchants) ...

Banks & Merchants are not ready for EMV standard

EMV, or that fancy chip thingie that many of you are starting to see in your banking cards here in the US, is an anti-fraud technology released in the 90s with global adoption. US markets are finally taking steps to encourage adoption here, and for the most part, nobody is ready. There is a key date coming up in October of this year. Essentially, merchants who have invested in EMV terminals that are capable of processing a transaction (meaning, the EMV slot can’t just be for show) will benefit from protections if counterfeit cards are used at their location. If they don’t, they are unable to seek relief for chargebacks coming from fraudulent charge reports. It’s the carrot method for ...

Updates to the Definition of Cardholder Data Post standard

I wrote a post in 2009 that is now the all-time, third most popular post on this blog entitled, The Definition of Cardholder Data. I wrote it after leaving the 2009 PCI Community Meeting where there was more bickering and positioning on what constitutes cardholder data than I had ever seen. My experiences there prompted the post, and I figured it was time to go back and revisit it for PCI DSS 3.0. Go check out the updates and see if it is any more helpful! On a side note, I have formally accepted a new, exciting position with an amazing company. More on that in the coming weeks!

February 2015 Roundup standard

How much snow do you have? Can it be measured in feet or inches? February kept piling it on for many of you, and it even affected the kids here in Texas! Snow days! Don’t forget, the latest edition of our book finally hit the shelves. Thanks for sending pictures of you with your new books! If you need to order your copy, head over to the website at www.pcicompliancebook.info. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. It’s the holidays, and possibly the time when we encounter trouble with transactions the most. Thus, more people inquiring about customer service! Check out this diversion from security that will make you ...

The Impacts of Breaches: New Research! standard

Part of the reason why I went through the enlightening process of my third run through academia as a learner was to be able to contribute research back to the field. I’m happy to announce that my first paper is now public for download. Available for download through the Merchant Acquirers’ Committee is this piece that examines the economic impacts of breaches entitled, The Impacts of Breaches: A Survey of MAC Members on the Realities of Data Breaches. In it, I reveal research that helps to explain some of the economic realities of breaches. Here’s a preview, it’s not as bad as you probably think! I’ve also built an academic manuscript for this paper which goes into much more detail ...

Life Saving Aviation Tips Applied to InfoSec standard

I came across this humorous little collection of life saving aviation quotes. As a pilot, it’s good to have these little quips tucked away for when things move away from straight and level. A good friend of mine pointed out that he often used one of these quotes in InfoSec-related keynotes he gave, and I thought I’d share some here with InfoSec commentary! Aviate, Navigate, Communicate. When the proverbial crap his the fan, information security professionals may be the key to keeping a company safe (or the catalyst to a bad situation) from a data loss. As a pilot, when things go wrong you have to remember to fly the plane, navigate it to a safe place, and tell controllers ...

January 2015 Roundup standard

January is gone and football is over. There have not been too many posts around here to speak of, but it’s a new year! I will have good news soon, so stay tuned! Don’t forget, the latest edition of our book finally hit the shelves. Thanks for sending pictures of you with your new books! If you need to order your copy, head over to the website at www.pcicompliancebook.info. Here’s what you folks liked the most last month: The Only Customer Service Script You Will Ever Need. It’s the holidays, and possibly the time when we encounter trouble with transactions the most. Thus, more people inquiring about customer service! Check out this diversion from security that will make you think ...