Articles in the PCI Philosophy / Approach Category
PCI Philosophy / Approach, Retailers »
StorefrontBacktalk - How To Sell PCI To Business Units.
Great post about how to get attention internally for information security and PCI projects. Too often, info. security is seen as an IT problem or an Audit problem and the truth is, it’s a BUSINESS ‘problem’ that needs to be understood and addressed through business terms.
What we’re really talking about is ‘brand’ security - providing your customers peace-of-mind and a level of comfort that supports your brand in their purchasing universe. Brand relates to sales, profits, marketing, etc. and brand is going …
Interesting, PCI Philosophy / Approach, Vendors »
Dave Whitelegg has a blog that I’ve just stumbled on and the first article I see is this one:
IT Security Expert: Security is a Process, not a Product.
This is a great post and also contains a link to a great article by Bruce Schneier - here - the gist of things here should echo what I’ve been posting about - information security is not something that a vendor with a magic box is going to provide….
Security is a process, an integrated, holistic approach that incorporates technology, technology products, internal process, …
PCI Philosophy / Approach, PED / Payment Terminals »
Here’s another interesting article written for Bank of America…
PCI Philosophy / Approach »
Nice overview of how to approach PCI compliance efforts.
5 Strategies to Achieve PCI Compliance - 7-Jul-08: Payment Security article: contact Walt Conway.
Conferences / Webinars, PCI Philosophy / Approach »
I ended up missing NRF’s Big Show in NYC in 2008 and it was a little disconcerting. Prior to this year, I had attended 10 straight shows and, although the memories of the cold (it is always the coldest week of the year) and lugging booth equipment for blocks weren’t the best, I actually enjoyed going. It gives you a good indication of what the industry is going to be focused on for the upcoming year and what the vendor cosmos is up to…
This year (2009), I am …
Interesting, PCI Philosophy / Approach »
So I just tossed out a link to an older article from RIS regarding PCI and the issues at Hannaford. As soon as I posted that, I ran into this article which is a short collection of responses including some from people that I have worked with and respect VERY highly.
Sunita Gupta is EVP for Lake West Group and Greg Buzek is President of IHL Consulting, and both are people that I consider experts in the business of retail and in the application of technology within the industry.
Bud Wagner …
PCI Philosophy / Approach, Retailers »
This is an article from March of this year that was published in RIS news. I realize it’s a little old, but I just stumbled across it…
PCI May Never Stop Hackers: Time to Rethink Security | News | RIS News: Business/Technology Insights for Retail, Supermarket Executives.
This article, in my opinion, is both good and bad - first of all, it points out that PCI is not the end-all-be-all for security.
That’s good - it’s important for retailers to understand that PCI is just a ‘snap-shot in time’ check on credit-card …
PCI Philosophy / Approach »
The PCI council has a couple of fact sheets on their site that have some useful information, but it is, by nature, rather generic. There are some really good points discussed, however. Particularly, there is a document called ‘Ten Common Myths of PCI DSS’ which is freely available for download:
https://www.pcisecuritystandards.org/pdfs/pciscc_ten_common_myths.pdf
There are some really interesting points in this document for retailers and I’m going to quickly (I promise) make a few comments about each point in a series of posts. Myth #1 after the jump:

