http://pcianswers.com PCI DSS and Regulatory Compliance Blog Wed, 03 Dec 2008 23:51:34 +0000 http://backend.userland.com/rss092 en Just a reminder that if you are a member of the Society of Payment Security Professionals (SPSP) you can post your resume online for others to find and hire you.  I've seen people looking for people who have skills in PCI compliance and privacy legislation.  What better way to find ... http://pcianswers.com/2008/12/03/got-jobs/ I have always said I could talk for half a day on the scoping considerations of call centers.  They are complex beasts that exist for the purpose of servicing customers, which often involved either accepting or retrieving cardholder data.  I won't go into every detail of call center compliance in ... http://pcianswers.com/2008/12/03/call-centers-with-voip-phones-could-expand-pci-scope/ Chris just finished another successful CPISM/CPISA training class and we now have 30 newly certified CPISMs and 20 CPISAs.  The training and certification have already received great reviews, and now the list of individuals who are certified continues to grow into the hundreds.  I'm honestly suprised at the demand we ... http://pcianswers.com/2008/12/03/successful-cpismcpisa-training-class/ The goal of the PCI DSS is to prevent the electronic and paper theft of cardholder data.  That said, the PCI DSS is not the only standard within the family of PCI family.  The collection of PCI standards includes: PCI DSS :: Targets merchants and service providers who "store, process, or ... http://pcianswers.com/2008/11/24/gartner-misses-the-point-of-pci/ Improperly coded web applications continue to plague the world, not least of which the payments service space.  Here are a few important clarifications about PCI DSS Requirement 6. Developers must be trained in secure coding practices.  They should understand vulnerabilities their application is susceptible based on the (1) functional use and ... http://pcianswers.com/2008/11/24/web-application-vulnerabilities-at-large/ Thanks to a member of the PCI Facebook group who mentioned the website Wordle.net.  This site allows you to create a tag/word cloud from any text or website.  So here's the PCI DSS v1.2 showing the emphasis per word.  You can see "Verify" is very important. http://pcianswers.com/2008/11/23/pci-dss-12-word-cloud/ From time to time I check out the search terms that bring people to this blog.  Instead of just posting them, I'm going to do a little interpretation of what they might mean about the individual. "not pci compliant" - Concerned merchant that has just been notified they need to get ... http://pcianswers.com/2008/11/14/pci-search-terms-and-their-meaning/ James DeLuccia is one of those people who (quite literally) reads and writes about PCI DSS and regulatory compliance issues.  He authors a blog on PCI DSS and has written several books on regulatory issues.  He recently sat for the CPISM and CPISA certifications and had this to say about ... http://pcianswers.com/2008/11/13/cpism-and-cpisa-get-positive-reviews-from-industry-expert/ Did you miss the PCI SSC's webinar on PCI DSS version 1.2 in November?  Did you miss the Community Meeting in Orlando or Brussels?  Do you still want to learn about the changes and updates to the PCI DSS standard? There is one more Webinar you can attend on December 17, ... http://pcianswers.com/2008/11/13/pci-dss-webinar-on-version-12/ Visa recently announced global PCI DSS deadlines, along with a very nuanced point of service provider alignment.  Currently, many of the Visa regions have aligned service provider levels, but not all.  For example, in Asia-Pacific the service provider levels vary slightly from those in the US. On February 1, 2009, all ... http://pcianswers.com/2008/11/13/visa-aligns-global-service-provider-levels/