PCI And Virtualization
I just received an invitation for a Webinar on Virtualization and PCI compliance. My friend, John Kindervag, is one of the panelists and, no, this is not an unpaid advertisement for anyone to attend...
Doctored Credit Card Terminals
It was announced this week that the Michaels retail stores breach was much larger than originally thought. However, to those of us in the PCI business, this breach should not have been a surprise....
PCI SSC Releases Virtualization Guidelines
On Tuesday, June 14, 2011, the PCI SSC released an Information Supplement regarding Virtualization Guidelines. Not only does this Information Supplement cover virtualization from a VMware and Hyper-V...
2011 Verizon Breach Report
At this year’s Community Meeting, Christopher Novak of Verizon Business Services made a presentation regarding the 2011 Data Breach Investigations Report. A lot of people blow off these sorts of...
Defense In Depth
I have a slide in my security presentation deck that discusses the concept of defense in depth and how, when you start opening ports or start using encrypted data streams, you are punching holes into...
Of Redirects And Reposts
There are two major techniques in e-Commerce these days for processing payments: redirects and reposts. Redirects are when the e-Commerce site sends its customer to the payment processor’s site for...
Merchant Beware – New Mobile Payment Solution Out In The Wild
Merchants need to be aware of a new mobile payment solution – Square from Square Inc. A colleague pointed me to the Square site with the question, “Is this PCI compliant?” Square appears to be a...
PA-DSS Validation Clarification
On July 23, 2012 we received the following communication from James Barrow, Director of AQM Programs, with the PCI Security Standards Council. I found it worthy of posting so that everyone understands...
Third Party Service Providers And PCI Compliance
There seems to be a lot of confusion regarding third parties that provide networking or hosting services and their obligations regarding PCI compliance. This confusion is not uncommon as merchants and...
The Amazon Cloud And PCI Compliance
If there ever was a hot topic these days it would be “The Cloud” and, in particular, the Amazon cloud. And that discussion inevitably leads to how the Amazon cloud offerings are PCI compliant. A...
What To Focus On In 2013
It is the end of the year and, like all other pundits, here is another idea on what 2013 will bring in the way of security issues. After reading a lot of the other predictions out there, I tend to...
Service Provider PCI Compliance Process
As a recent question pointed out to me, while service providers now seem to understand they need to be PCI compliant, they do not seem to understand the process under which they assess their PCI...
2013 Threats To Databases
Akamai just released their third quarter 2012 Internet statistics and are pointing to China as the generator of at least a third of all attacks. Not only that, the Chinese attackers are going almost...
Why vSkimmer Should Not Matter
It was announced this week by McAfee that a new threat to merchants has been discovered called vSkimmer. This is a very insidious threat as most merchants will likely not know they have been infected...
Vulnerability Management
On July 1, 2012, requirement 6.2.a went from a “best practice” to an official requirement. Since v2.0 of the PCI DSS was issued, there has been a very active discussion regarding what the PCI SSC was...
Is It The Standard Or Process?
I question whether or not there really is a need to change the PCI DSS this Fall. You look at the requirements and, if they were truly followed as designed, the vast majority of breaches would either...