http://pcianswers.com Secure Payments, PCI DSS, Regulatory Compliance Blog Thu, 02 Jul 2009 13:00:43 +0000 http://backend.userland.com/rss092 en As we approach Independence Day, I thought it fitting to post a blog on politics and religion as they are such an integral part of our country’s rich history. It has long been said that politics and religion should not be discussed amongst mixed company. People ... http://pcianswers.com/2009/07/02/religion-politics-and-pci-2/ The Payment Card Industry Security Standards Council (PCI SSC) is inviting its Participating Organizations to provide "detailed and actionable" feedback about the PCI DSS. The move comes amid criticism from various sectors regarding the evolution of the Standard, but does demonstrate that the Council is trying to take positive ... http://pcianswers.com/2009/06/26/pci-ssc-to-accept-comments-on-current-version-of-pci-dss/ As we've been expecting for some time, states are beginning to take action with respect to mandating PCI DSS. The trend began with Minnesota's Plastic Card Security Act, which prohibited the storage of sensitive authentication data. While not a wholesale adoption of the PCI DSS, it did codify ... http://pcianswers.com/2009/06/22/nevada-mandates-pci-dss/ **It should be noted that the claim of cyber theft surpassing illegal drugs as a criminal enterprise has been vigorously debated.  While it has been variously reported for some time, it has also been disputed by a number of respected sources. ** CNN released an article today regarding cyber thieves targeting ... http://pcianswers.com/2009/06/22/cyber-thieves-making-more-than-drug-traffickers/ MasterCard recently announced changes to their Site Data Protection program.  The updates now require Level 1 merchants and level 2 merchants to engage a Qualified Security Assessor (QSA) to validate compliance with the PCI DSS.  Additionally, MasterCard redefined the Service provider thresholds and levels to align with Visa.  Level 1 ... http://pcianswers.com/2009/06/18/mastercard-requires-qsa-for-level-1-and-2-merchants/ The Society of Payment Security Professionals is pleased to announce that we have finalized dates fro a new CPISM/A Training and Exam Seminar. The event will be held at the StayBridge Suites Denver International Airport in Denver, Colorado. CPISA training will begin August 17, 2009 and CPISM training ... http://pcianswers.com/2009/06/10/august-cpisma-training-dates-announced/ Recently, I wrote a pretty critical blog post about the ongoing debate within the industry related to end to end encryption. Today I received an article in which Gartner's Avivah Litan wrote a great summary of the Visa Global Security Summit where Visa acknowledged that there are benefits for merchants ... http://pcianswers.com/2009/06/08/visa-leads-the-way-end-to-end-encryption/ This month, Digital Transactions published a story in which it is announced that a major acquirer is now suing a former QSA for the CardSystems breach.  As stated in the document:  "The suit calls the Savvis inspection report “false and misleading,” and claims Savvis failed to use “reasonable care and competence ... http://pcianswers.com/2009/05/31/lawsuit-over-cardsystems-breach/ Added Amusing story about end to end.  Read: The Inoculation Effect; from Marines to End to End Encryption I just finished reading an article in the Greensheet related to end to end encryption.  While the article does a very good job at showing the different angles and arguments for and against the concept, ... http://pcianswers.com/2009/05/26/end-to-end-encryption-tokenizationis-this-really-a-debate/ Regardless of political affiliations or feelings on the various wars and other actions through the years, I want to encourage everyone to take a moment sometime during the Memorial day weekend to remember those men and women who have given their lives in the service of their country. http://pcianswers.com/2009/05/23/memorial-weekend-post/