Secure Payments, PCI DSS, Regulatory Compliance Blog

Archive for the ‘PCI DSS’ Category

No Future Posts

Sunday, March 14th, 2010 Posted in PCI DSS | 5 Comments »

After nearly 4 years we have decided to end of life the PCIAnswers Blog and Forum. While there will be no further posts we will leave the existing posts available for people to access. Thanks for your support!

Facta Non Verba

Thursday, December 17th, 2009 Posted in PCI DSS | No Comments »

I thought I would leave everyone with a quote from Froissart to end the year...when measuring people that freely give advice and hold themselves out as 'experts' it is suggested that you look at those who have gained their expertise through ...

Radiant Systems and VAR being sued for Data Compromises

Wednesday, November 25th, 2009 Posted in PCI DSS | 4 Comments »

A recent press release announced that Radiant Systems and a reseller of their products called Computer World are being sued in a class action suit for "millions of dollars" for issues that resulted in hundreds of instances of identity theft. ...

“After Data Loss ID Theft Soars”….really?

Friday, November 20th, 2009 Posted in PCI DSS | 1 Comment »

I have worked in payment card security since 2000, when I was involved with Visa in writing/re-writing/updating the CISP. Since that time I have had the opportunity to work with Visa and MasterCard, and to work as a QSA and QSA Trainer. During ...

Only 3 Seats Left for Dallas CPISM/A!

Monday, October 26th, 2009 Posted in PCI DSS | 3 Comments »

The Dallas CPISM/A training and certification course has filled up quickly and we only have 3 seats left.  If you are interested in attending the November 10-13th event, sign up soon. After reviewing the registrants, this should be a very ...

Another End to End / Tokenization Entrant

Sunday, October 25th, 2009 Posted in PCI DSS | No Comments »

Everyone who has read my blogs over the past few years or spoken to me about PCI DSS knows my feelings on end-to-end encryption and data replacement technologies. I am a huge proponent and feel that these technologies will help ...

China Expands Cyberspying in the US

Thursday, October 22nd, 2009 Posted in PCI DSS | 2 Comments »

The Wall Street Journal has a very interesting article out today that talks about cyberspying in the US.  A report released today by the U.S.-China Economic and Security Review Commission indicates that the Chinese government is ratcheting up their cyber espionage ...

California Taking a Step Back?

Wednesday, October 21st, 2009 Posted in PCI DSS | No Comments »

California has long been credited with the creation of the state breach notification law. For many in the security world breach notification and SB 1386 are practically synonymous. Over the years since its passage, however, breach notification laws ...

PCI DSS is “Insufficient?”

Thursday, October 8th, 2009 Posted in Compliance, PCI DSS | 5 Comments »

In a lawsuit filed in the wake of the Heartland breach, the plaintiff's attorneys allege that Heartland knew that the PCI DSS was "insufficient" to protect cardholder data. Specifically, the lawsuit alleges, "Heartland executives were well aware before the ...

Visa releases End to End Best Practices! Big Kudos!!

Tuesday, October 6th, 2009 Posted in PCI DSS | 4 Comments »

Visa, always leading the charge for the card brands, has just released a new document on Data Field Encryption.  Visa's Best Practices document, known as Data Field Encryption Version 1.0 is intended to provide guidance for companies building end to ...