Online PIN Debit; Great Idea or Not so Great Idea?
Sunday, October 26th, 2008 Posted in PCI PIN, Vendors | 8 Comments
I (Chris) want to thank Susan Kohl for sending this over. Digital Transactions has published several articles on new technology that will allow PIN Debit for eCommerce sites. Read the article here. In short, the new technology will present a buyer ...
Two-Factor Tokens
Wednesday, June 4th, 2008 Posted in Vendors | 9 Comments
I finished a great training session today. Everyone in the class really enjoyed the entertainment and several people described me as "animated" and "high energy". I hope that's a good thing and I didn't overdo it on the coffee. One ...
Vendor experience from RSA
Thursday, April 10th, 2008 Posted in Conferences, Vendors | 1 Comment
I've spoken with several vendors at RSA and some are better than others at positioning their product within a specific market. This year, everyone is talking about two things at RSA: risk and regulatory compliance. Of those, what I really ...
PCI Product Vendors @ RSA
Thursday, March 20th, 2008 Posted in Compliance, PCI DSS, Vendors | No Comments
Over the past few weeks I have received hundreds of emails from vendors asking for a meeting at RSA. As most media flacks, I've ignored these for the most part, but replied to any that mentioned "PCI" in their product ...
PABP Compliance Does NOT Imply PCI DSS Compliance
Sunday, December 30th, 2007 Posted in Service Provider, Third-Parties, Vendors, pa-dss | 10 Comments
It has come to my attention that software vendors do not fully understand their responsibilities regarding Payment Application Best Practices (PABP) compliance and their customers’ PCI Data Security Standard (DSS) compliance. PABP compliance does not automatically imply PCI DSS ...
Vendor Wishlist for 2008
Monday, December 24th, 2007 Posted in Vendors | 1 Comment
(This is republished from our December 2007 newsletter. To read them all as they are released be sure to subscribe or check it out online.) In 2007, compliance was the name of the game and every other vendor claimed their ...
Have you bullied your way into PCI compliance?
Wednesday, September 26th, 2007 Posted in Approved Scanning Vendor, PCI DSS, Vendors | 3 Comments
Much like other professions, end-of-quarter is always an interesting time for anyone who works in the PCI space. Working for an ASV allows me purview into a flurry of activity, as a significant number of merchants invariably wait until ...
Have you discovered Hackistan?
Monday, July 9th, 2007 Posted in Uncategorized, Vendors | 1 Comment
That's right, Hackistan! In a viral marketing effort to bring attention to the problem of application security, Fortify Software has developed the website Discover Hackistan and all the hoopla that goes with it. They have a blog, news ...
Where did the operating system go? Security as a service
Monday, July 2nd, 2007 Posted in Approved Scanning Vendor, PCI DSS, Service Provider, Vendors | 1 Comment
A few weeks back I was invited to the Qualys annual conference in San Francisco. Their theme was Software as a Service (SaaS). No sooner had I returned than CIO Magazine has Software as a Service as their ...
Putting an end to compliance via continuous security
Tuesday, May 22nd, 2007 Posted in Compliance, Vendors | 8 Comments
As we move into year 2 and 3 of PCI compliance for many companies the question I'm left with is, "how does one stay compliant?" Several QSAs have related stories to me of happily helping their clients get compliant ...