http://pcianswers.com Secure Payments, PCI DSS, Regulatory Compliance Blog Sun, 14 Mar 2010 21:30:25 +0000 http://backend.userland.com/rss092 en After nearly 4 years we have decided to end of life the PCIAnswers Blog and Forum. While there will be no further posts we will leave the existing posts available for people to access. Thanks for your support! http://pcianswers.com/2010/03/14/no-future-posts/ I thought I would leave everyone with a quote from Froissart to end the year...when measuring people that freely give advice and hold themselves out as 'experts' it is suggested that you look at those who have gained their expertise through experience as opposed to theory. "There were young knights among them ... http://pcianswers.com/2009/12/17/facta-non-verba/ A recent press release announced that Radiant Systems and a reseller of their products called Computer World are being sued in a class action suit for "millions of dollars" for issues that resulted in hundreds of instances of identity theft.  This is a very interesting wrinkle in the PCI DSS ... http://pcianswers.com/2009/11/25/radiant-systems-and-var-being-sued-for-data-compromises/ I have worked in payment card security since 2000 when I was involved with Visa in writing/re-writing/updating the CISP.  Since that time I have had opportunity to work with Visa and MasterCard, work as a QSA, and QSA Trainer.  During that time I have had many opportunities to work with ... http://pcianswers.com/2009/11/20/after-data-loss-id-theft-soarsreally/ The Dallas CPISM/A training and certification course has filled up quickly and we only have 3 seats left.  If you are interested in attending the November 10-13th event, sign up soon. After reviewing the registrants, this should be a very interactive course with some great comments and input from the ... http://pcianswers.com/2009/10/26/only-5-seats-left-for-dallas-cpisma/ Everyone who has read my blogs over the past few years or spoken to me about PCI DSS knows my feelings on end-to-end encryption and data replacement technologies.  I have a huge proponent and feel that these technologies will help secure our industry and provide significant benefits in reduction of ... http://pcianswers.com/2009/10/25/another-end-to-end-tokenization-entrant/ The Wall Street Journal has a very interesting article out today that talks about cyberspying in the US.  A report released today by the U.S.-China Economic and Security Review Commission indicates that the Chinese government is ratcheting up their cyber espionage efforts in the US.  US companies have been specifically targeted. ... http://pcianswers.com/2009/10/22/china-expands-cyberspying-in-the-us/ California has long been credited with the creation of the state breach notification law. For many in the security world breach notification and SB 1386 are practically synonymous. Over the years since its passage, however, breach notification laws have undergone a number of evolutionary changes - central reporting ... http://pcianswers.com/2009/10/21/california-taking-a-step-back/ In a lawsuit filed in the wake of the Heartland breach, the plaintiff's attorneys allege that Heartland knew that the PCI DSS was "insufficient" to protect cardholder data. Specifically, the lawsuit alleges, "Heartland executives were well aware before the Data Breach occurred that the bare minimum PCI-DSS standards were ... http://pcianswers.com/2009/10/08/pci-dss-is-insufficient/ Visa, always leading the charge for the card brands, has just released a new document on Data Field Encryption.  Visa's Best Practices document, known as Data Field Encryption Version 1.0 is intended to provide guidance for companies building end to end (or point to point) encryption solutions.  This marks a ... http://pcianswers.com/2009/10/06/visa-releases-end-to-end-best-practices-big-kudos/