What Does a PCI DSS Audit Look Like?

PCI compliance is a hot topic these days. While payment processing seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts has blurred the lines between processors, merchants and secure, compliant systems. Many organizations seek their PCI compliance certification to cover their bases with payment processing and data…

Too Many Targets! Why Target isn’t the only retailer poised for a breach.

Unless you have been living without a source for current news this week, you undoubtedly have heard the bad news about Target Corporation and how hackers breached the technological defenses and stole credit-card data for roughly 40 million customers. The media frenzy focused on Target Corporation has already spawned a dozen class-action lawsuits against the…

Dichotomy

As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two…

Consumer Reality Check – Lifting the Veil on PCI DSS

I read an article entitled “Global Payments has some explaining to do” (Source: CSO) today, and there were some interesting points made by Bill Brenner, managing editor of CSO. He asked specifically, “How on Earth were they designated PCI compliant in the first place? What were the specific actions they took to improve security and…

The PCI Challenge

It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of…

New PCI Data Security Standards for Cloud Compliance

The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:

What’s in a name?

Prior to April Fools’ Day, 2011, you probably had never heard of Epsilon Data Management, right? I’d wager, however, that this email marketing firm has heard of you. In excess of 250 million email account names were pirated from the marketing services firm, vaulting this to what may be the largest breach of personal information…

Juris Doctor 120 of 161 – AKA Beer Breach

I have a natural passion for keeping people safe and secure as many of you know. I also have a real passion for technology law which might be evidenced by the doctoral pursuit in law. I also follow the news looking for cases that have been adjudicated and what the verdict or in most cases,…