Channel: PA-DSS – PCI Guru
Browsing all 68 articles

RTFM

Bear with me as I tell you a short story. “A long time ago, in a galaxy far, far away,” (thank you George Lucas) I worked with a very seasoned IBM systems programmer.  He had the acronym ’R T F M’...


More On Mobile Payments

As I have found out, the definition of “mobile payment” is defined by to whom you are talking.  For consumers, mobile payment means using their smartphone to pay for goods and services.  For merchants...


If They Want You, They Will Get You

Over the last few years, card brand executives have implied that the PCI standards are the ‘Holy Grail’ and that only by following these standards can cardholder data be protected.  To add insult to...


If Not The PCI Standards, Then What?

I have just read a couple of articles as well as attended a couple of meetings where the topic du jour was the PCI standards.  They were a bash fest of the highest order.  Frustrated, I asked the...


PCI and SOX, HIPAA, GLBA, et.al.

Just got a call regarding PCI and Sarbanes Oxley (SOX) compliance.  Whether it is SOX, the Health Insurance Portability and Accountability Act (HIPAA), Gramm Leach Bliley Act (GLBA) or some other...


Doctored Credit Card Terminals

It was announced this week that the Michaels retail stores breach was much larger than originally thought.  However, to those of us in the PCI business, this breach should not have been a surprise....


PCI SSC Nixes PA-DSS Certification For Mobile Payments Applications – For A...

In a not so widely disseminated and tough to find statement, the PCI SSC has basically put the kibosh on the PA-DSS certification of any mobile payment applications for the time being.  The second...


Mobile Payment Application PA-DSS Certification Clarification Announcement

On Friday, June 24, 2011, the PCI SSC issued a press release and a number of supporting documents regarding PA-DSS certification. In my opinion, the most important part of this announcement is in the...


End-To-End Encryption – The Rest Of The Story

Step right up folks.  I have something that will cure all of your problems with credit card processing.  It is called end-to-end encryption.  Yes, folks, it is the be all, to end all in security.  It...


PCI DSS Compliance Certificates

In this month’s PCI SSC QSA Newsletter, the FAQ of the Month is about so called ‘PCI DSS Compliance Certificates’.  I started to hear about these a couple of years ago, but it got really big last year...


When Will The PCI SSC And Card Brands Stop The Mobile Payment Insanity?

This week PayPal introduced Here, their mobile payment processing application for Apple iOS and Android devices.  The good news is that PayPal Here at least appears to encrypt cardholder data, but that...


Is Security Broken? And How I Propose To Fix It

Dennis Fisher has a blog post entitled ‘The Security Game Needs To Change’ out on ThreatPost.  The premise of this post is that the practice of securing networks and applications is broken.  Then we...


What To Do About Insiders

The first posting I did on this subject was to provide an understanding that, despite the news stories, the insider threat is a very real threat and needs to be addressed.  However, what is an...


PA-DSS Validation Clarification

On July 23, 2012 we received the following communication from James Barrow, Director of AQM Programs, with the PCI Security Standards Council.  I found it worthy of posting so that everyone understands...


How The PCI Standards Will Really Die

Welcome to the new year.  I hope the holidays have been treating you well and the coming year is good as well. There have been a number of articles written about why and how the PCI compliance process...


Merchant Beware – New Mobile Payment Solution Out In The Wild

Merchants need to be aware of a new mobile payment solution – Square from Square Inc.  A colleague pointed me to the Square site with the question, “Is this PCI compliant?” Square appears to be a...


Developers Beware – Stripe

A reader pointed out this merchant services provider to me, so I checked it out.  I ran into some concerns as I reviewed their documentation that I want to share with you all so that you have a better...


Mobile Payments Update

This past week, Bob Russo, General Manager of the PCI SSC, held Webcasts to discuss the changes coming to version 3 of the PCI DSS and PA-DSS.  For the most part, these Webcasts were nothing special....


Hot Off The Press

The PCI SSC released the final versions of the PCI DSS v3 and PA-DSS v3 this morning.  You can get your copies here as long as you sign their agreement.  The Change Summary documents for both are also...


PCI DSS v3 and PA-DSS v3 – Wait For It

There are all sorts of QSAs and other experts who are weighing in on the new versions of the PCI DSS and PA-DSS that were released around the first part of November.  In my very humble opinion, all of...
