Articles in the headline Category

Alerts, headline »

[8 Nov 2010]
Things are a changing at RetailInfoSec

Good morning (or whatever it is where you are)!
I’m putting up this post to let everyone know that the blog is going to be changing very shortly - I’m continuing to do a lot of work with leading retailers on information security initiatives and I’m still paying close attention to retail and payments security, but I’m discovering that some other areas of the business world are also starting to become a large part of my daily work life.
As I grow my involvement in these other areas of business (including the …

Conferences / Webinars, PCI News, PCI Philosophy / Approach, PED / Payment Terminals, headline »

[30 Sep 2010]
PCI Community Meeting Follow-Up

I started to write a detailed feedback post on the 2010 PCI Community Meeting in Orlando that I attended last week, but realized that there were far more intelligent people than myself already posting, so I’m going to keep my commentary to impressions and general feedback and provide some links to posts that should prove useful for those that are interested in some of the details that came out of the meeting (and what’s coming in PCI / PA 2.0).
To begin with, the entire attitude of the meeting this year …

Alerts, Conferences / Webinars, PCI News, headline »

[20 Sep 2010]
On my way to the PCI North American Community Meeting

OK - so I’m on a plane this afternoon (for the 4th week in a row - my wife loves me right now!) heading to Orlando - it’s time for the PCI Community Meeting!
Last year blogging was unofficially encouraged, but there really wasn’t all that much to blog about - this year should prove a bit different given the release of the updated standard.  I’ll try to put together a post or two on relevant and interesting information (that I’m allowed to share), but I’ll also be the moderator on …

PCI News, Vendors, application security, headline »

[25 Aug 2010]
VISA Provides Guidance on Secure Implementation and Management of Payment Applications

I walked into the office this morning and got this in my RSS feed aggregator:
VISA Provides Guidance on Secure Implementation and Management of Payment Applications [link]
After taking a look at the press release and looking through the actual document that VISA (and SANS apparently) produced [link] I think it’s a pretty interesting move on the part of VISA.  If you haven’t yet taken a look and you work for a retailer or a software vendor that sells to the retail space, I’d advise downloading the …

Alerts, Interesting, PCI News, PED / Payment Terminals, Retailers, application security, headline »

[27 May 2010]
ExxonMobil’s PA-DSS Extension

The link to the article on StorefrontBacktalk is below (thanks Evan) - this is really interesting.  It appears that VISA is providing an extension to ExxonMobil on the July 1st, 2010 PA-DSS deadline…
This implies two things (as far as I can see):

That the deadline everyone was wondering about is legit - why would ExxonMobil feel the need to negotiate an extension with VISA unless the deadline was going to mean something and VISA was going to enforce it at some meaningful level?
If you are big enough, VISA is going to …

application security, headline »

[5 Nov 2009]
Finally…  The PA-DSS Questions Answered

OK - maybe not all of them, but the most common that I’m hearing anyway…
After asking you all to give me some questions for PA-DSS, I finally am getting around to posting up some answers.  Some of them are also taken directly from numerous conversations that I have had with software vendors over the last several months and, truthfully, I’m glad that I waited to put that post together…It’s not entirely retail focused, as PA-DSS crosses most industries, but I hope it proves useful in answering some common questions…
It’s located …

Interesting, PCI News, Retailers, headline »

[16 Oct 2009]
More fun with Hannaford…

PCI is just so damn interesting - it’s like a soap opera…  Seriously - if you don’t have to deal with it everyday, I’m sure (as a retailer) that you count yourself lucky, but honestly it’s a hoot.
The game at hand is a combination of punishment and liability avoidance - the case of Hannaford is a good example.  Just when you think it’s all over and Hannaford gets to pick up the pieces and move on, everything takes a new twist.  Now the Maine Supreme Court is getting involved and …

Alerts, Conferences / Webinars, headline »

[18 Sep 2009]
Heading out to PCI Community Meeting

If anyone is heading out to the PCI Community Meeting in Las Vegas next week and wants to connect, let me know (best way to connect is via email). Several of us from NetSPI are heading out to participate in the meeting and I’m looking forward to an informative meeting.
I’ll be at the meeting Tuesday through Thursday evening so let me know. I’ll also try to post after getting back from the meeting with anything interesting or useful that I find out. One of the other …