Articles in the Retailers Category

PCI Philosophy / Approach, Retailers »

[23 Dec 2008]

For some reason, I didn’t see this earlier, but wanted to say ‘kudos’ to Ms. Amato-McCoy.  It’s a short article that just talks about why PCI is important, but as a standard, not as the security end-all that some retailers are still claiming should address all of their security issues.
My favorite quote from the article is at the end - ‘Chains can no longer view security measures simply as a means to achieving some level of “compliance.”
Rather, it is the retailers that take a proactive, foundational approach that will find …

Interesting, Retailers »

[18 Dec 2008]

Just got the January 2009 issue of Wired magazine and the first thing I notice is an article about the rise and fall of Max Butler - a hacker that tried to take over the ‘carder’ community.  Wired always does a good job writing these types of articles in a way that is engaging and it is a very interesting read.  I just looked and it’s not on the website, but if you pick up the hard copy, it’s in there…
I think it’s interesting that there are still people out …

Retailers »

[26 Nov 2008]

Another reported retail security breach …
InternetNews Realtime IT News - Mainframe Breach at LensCrafters Parent Hits 59K.

PCI News, Retailers »

[16 Sep 2008]

Here’s the link to the short article on Chain Store Age…
article

PCI Philosophy / Approach, Retailers »

[2 Sep 2008]

This was a quick press release I saw on RIS News’s email newsletter.  I actually need to get up to speed with the solution that Urban Outfitters selected (Interceptas), but regardless, there was a quote from John Kyees (CFO) that I thought was really interesting -
“Urban Outfitters’ success is driven by our commitment to understand our customers and connect with them on an emotional level,” says John Kyees, CFO, Urban Outfitters. “When shopping on our Web sites, customers want a quick and hassle-free experience. Taking a tougher stance against e-commerce …

PCI Philosophy / Approach, Retailers »

[2 Sep 2008]

Another good ‘essay’ from Bruce - the general idea of using ROI as a measure of judging good vs. bad investments doesn’t fly perfectly when it comes to security since so much is based on potential risk rather than solid numbers.
This is a post that CFOs need to read (and more importantly understand) as I often run into IT or IS personnel that are fighting with finance to fund projects and programs that they can’t ‘guarantee’ are going to save the company money - they are mitigating risk…
This is another …

PCI News, PCI Philosophy / Approach, Retailers »

[28 Aug 2008]

I’m late here, but another very good article from StorefrontBacktalk regarding the Hannaford breach and the reaction from Bill Homa.
StorefrontBacktalk - Former Hannaford CIO: Avoid Microsoft And Change PCIs Encryption Rules.
I think this one paragraph is particularly interesting:
As for the oft-repeated song that Hannaford was breached while PCI compliant indicates some sort of a PCI indictment, Homa said it comes down to two things: “Either the standards weren’t strong enough or the assessor wasn’t doing his job.”
I think this is an interesting statement for a couple of reasons - first …

Interesting, PCI Philosophy / Approach, Retailers »

[21 Aug 2008]

Today I got RISNews’ Cross Channel Insights newsletter in my email inbox and the first article I notice is this one…
Enhancing Online Security: U.S. Consumers Lose Nearly $8.5 Billion to Online Threats | | RIS Cross-Channel Retailing Insights: Targeted Articles for Multi-Channel Retailing, E-Tail, and Web Analytics.
Interesting article about online consumer threats (not really PCI-related) that are affecting online purchasers in a big way. The funny thing - the next article on the newsletter is this one -
High Gas Prices Drive More Shoppers Online This Holiday Season
So, online …

PCI Philosophy / Approach, Retailers »

[18 Aug 2008]

StorefrontBacktalk - How To Sell PCI To Business Units.
Great post about how to get attention internally for information security and PCI projects.  Too often, info. security is seen as an IT problem or an Audit problem and the truth is, it’s a BUSINESS ‘problem’ that needs to be understood and addressed through business terms.
What we’re really talking about is ‘brand’ security - providing your customers peace-of-mind and a level of comfort that supports your brand in their purchasing universe.  Brand relates to sales, profits, marketing, etc. and brand is going …

Interesting, Retailers »

[18 Aug 2008]

This is an older segment, but it’s interesting to note how much press things like this get out in the general news world.  As information security and identity theft get bigger and bigger as an area of concern in our society, this sort of report is going to be more and more common and people are going to continue to pay more and more attention to this type of situation.
Hi-Tech Heist, How Hi-Tech Thieves Stole Millions Of Customer Financial Records - CBS News.