Secure Payments, PCI DSS, Regulatory Compliance Blog

Radiant Systems and VAR being sued for Data Compromises

Wednesday, November 25th, 2009 Posted in PCI DSS | 4 Comments »

A recent press release announced that Radiant Systems and a reseller of their products called Computer World are being sued in a class action suit for "millions of dollars" for issues that resulted in hundreds of instances of identity theft. ...

Only 3 Seats Left for Dallas CPISM/A!

Monday, October 26th, 2009 Posted in PCI DSS | 3 Comments »

The Dallas CPISM/A training and certification course has filled up quickly and we only have 3 seats left.  If you are interested in attending the November 10-13th event, sign up soon. After reviewing the registrants, this should be a very ...

Another End to End / Tokenization Entrant

Sunday, October 25th, 2009 Posted in PCI DSS | No Comments »

Everyone who has read my blogs over the past few years or spoken to me about PCI DSS knows my feelings on end-to-end encryption and data replacement technologies. I am a huge proponent and feel that these technologies will help ...

PCI DSS is “Insufficient?”

Thursday, October 8th, 2009 Posted in Compliance, PCI DSS | 5 Comments »

In a lawsuit filed in the wake of the Heartland breach, the plaintiff's attorneys allege that Heartland knew that the PCI DSS was "insufficient" to protect cardholder data. Specifically, the lawsuit alleges, "Heartland executives were well aware before the ...

Visa releases End to End Best Practices! Big Kudos!!

Tuesday, October 6th, 2009 Posted in PCI DSS | 4 Comments »

Visa, always leading the charge for the card brands, has just released a new document on Data Field Encryption. Visa's Best Practices document, known as Data Field Encryption Version 1.0, is intended to provide guidance for companies building end to ...

DHS Looking for 1,000 CyberSecurity Experts! Happy CSAM!!

Friday, October 2nd, 2009 Posted in PCI DSS | No Comments »

An article on CNN says that the Department of Homeland Security is looking for 1,000 cybersecurity experts over the next 3 years.  The head of the DHS announced this at the start of "National Cybersecurity Awareness Month."  If you have mad ...

Secure Payments Articles Archived

Monday, September 28th, 2009 Posted in PCI DSS | No Comments »

All Secure Payments articles will now be archived as .PDFs within the Society of Payment Security Professionals' site. Currently articles from Q1 and Q2 are online with Q3 coming soon. If you have not had a chance to check out ...

The Compliance Spectrum…Reducing PCI DSS Scope

Wednesday, September 23rd, 2009 Posted in PCI DSS | 7 Comments »

This is an article from the 2nd Quarter of Secure Payments. Recently people have been asking about how I can state that the use of end-to-end encryption, tokenization, data vault technologies, and point to point encryption can reduce the ...

You can hate ‘em…but you better respect ‘em…

Tuesday, September 22nd, 2009 Posted in PCI DSS | No Comments »

During my time in the military I learned a few things that have served me well in my position as a business owner, a payment card security practitioner, and a person. One of the things ...

PCI SSC Seeks standard for End to End Encryption? (UPDATE)

Tuesday, September 22nd, 2009 Posted in PCI DSS | 5 Comments »

UPDATE:  I just spoke with Pieter Penning of PWC. I was unaware that it was his group that was conducting the end to end analysis for the PCI SSC.  I had assumed (we all know what they say about assuming ...