I’m honored to be joining the Payment Card Industry (PCI) Qualified Security Assessor (QSA) ranks. Credit card fraud and identity theft will always be a problem and it seems we continue to be painfully more and more aware of just how often it is breached by cyber-criminals. If you would like to know more about what… Read More
Too Many Targets! Why Target isn’t the only retailer poised for a breach.
Unless you have been living without a source for current news this week, you undoubtedly have heard the bad news about Target Corporation and how hackers breached the technological defenses and stole credit-card data for roughly 40 million customers. The media frenzy focused on Target Corporation has already spawned a dozen class-action lawsuits against the… Read More
Dichotomy
As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two… Read More
HORSE WIKI: The Holistic Operational Readiness Security Evaluation wiki
Looking for the HORSE Project? Look no further! Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki. We would like to invite the information security community to participate in this open community project. The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, lawyers and legal practitioners, financial… Read More
PCI – The Supermassive Small Merchant Black Hole
Existing in the commerce galaxy, the vast majority of merchants are doing “traveling” or business without proper safety controls or rather, information security controls in place. While I know of no single solution or silver bullet that can be purchased or leveraged to ensure absolute information security, there are many ways your store and customer… Read More
Consumer Reality Check – Lifting the Veil on PCI DSS
I read an article entitled “Global Payments has some explaining to do” (Source: CSO) today and there were some interesting points made by Bill Brenner, managing editor of CSO. He asked specifically, “How on Earth were they designated PCI compliant in the first place? What were the specific actions they took to improve security and… Read More
Uninsured – Underinsured Information Highway Motorists
On the information freeway, the vast majority of the population is driving ninety miles per hour (144 KPH) without insurance; this includes business entities as well. In the United States, as in many other countries as well, the law dictates that a person possess a minimum level of automobile insurance to protect the financial stability… Read More
The PCI Challenge
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
New PCI Data Security Standards for Cloud Compliance
The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:
What’s in a name?
Prior to April Fools’ Day, 2011, you probably had never heard of Epsilon Data Management, right? I’d wager, however, that this email marketing firm has heard of you. In excess of 250 million email account names were pirated from the marketing services firm, vaulting this to what may be the largest breach of personal information… Read More
Juris Doctor 120 of 161 – AKA Beer Breach
I have a natural passion for keeping people safe and secure as many of you know. I also have a real passion for technology law which might be evidenced by the doctoral pursuit in law. I also follow the news looking for cases that have been adjudicated and what the verdict or in most cases,… Read More
Mobility Madness: Securely Extending Commerce to Mobile Users
With any emerging information technology, particularly those that interweave financial transactions, such as commerce and banking, one of the first concerns should be security. With an exponentially increasing number of consumers using mobile payment technologies, there is increased scrutiny of the precautions retailers are taking to guard these transactions. For retailers with mobile commerce sites… Read More
Domestic Terrorism
According to a recent analysis conducted by Akamai, out of the all the cyber-attacks observed originating from the 209 unique countries around the world identified, the United States was the top attack traffic source, accounting for 12% of observed attack traffic in total. Russia and China held the second and third place spots respectively, accounting… Read More
Weekly Digest for June 17th
mdpeters New blog post: Weekly Digest for June 10th https://michaelpeters.org/?p=2490 [obDADkenobi]. mdpeters Blog Updates Weekly Digest for June 10th – mdpeters Blog Updates The not-so-funny thing about passwords There is an… http://ow.ly/17GT8E [obDADkenobi]. mdpeters New blog post: Now Reading: Irrefutable Laws of Leadership – 9 https://michaelpeters.org/?p=2628 [obDADkenobi]. mdpeters Blog Updates Now Reading: Irrefutable Laws of… Read More