Articles tagged with: PCI

PCI Philosophy / Approach »

[4 Nov 2008]

Interesting article for Hospitality Technology.  It’s a pretty good piece on taking responsibility for the data that you collect and use and it’s got the right focus - your brand and the consumer.
The only thing that I would take a little bit of an issue with is the attitude of compliance being more than security.  I think this is the way that a lot of tech guys understand security - it’s locking down the network, managing passwords, and encryption.  The definition of ‘Security’ needs to be understood at the business level - security isn’t just technical, it’s not …

LinkedIn, PCI Philosophy / Approach »

[30 Oct 2008]

This is an early version of a position paper that I am working on, but I thought it might be interesting to throw out here and see what initial reactions are to the general ideas presented. To summarize very rapidly - in my opinion, investing in security is an extremely efficient way to utilize corporate funds even in a down economy. Here’s the initial draft document. Again, this is a ‘position paper’ not a full white paper, so it’s pretty high level…
Also, there are Return-On-Security-Investment (ROSI) strategies …

PCI News, PCI Philosophy / Approach, Retailers »

[28 Aug 2008]

I’m late here, but another very good article from StorefrontBacktalk regarding the Hannaford breach and the reaction from Bill Homa.
StorefrontBacktalk - Former Hannaford CIO: Avoid Microsoft And Change PCIs Encryption Rules.
I think this one paragraph is particularly interesting:
As for the oft-repeated song that Hannaford was breached while PCI compliant indicates some sort of a PCI indictment, Homa said it comes down to two things: “Either the standards weren’t strong enough or the assessor wasn’t doing his job.”
I think this is an interesting statement for a couple of reasons - first …

Conferences / Webinars, PCI News, PED / Payment Terminals »

[18 Aug 2008]

Thanks to the guys at Payments News
The PCI Security Standards Council is putting on a webinar to help explain how the various PCI standards fit together. Here’s the link to the press release (which has a link to the registration site.)
A Perfect Fit: Understanding the PCI Security Standards

Alerts, PCI News »

[18 Aug 2008]

Here’s the link to the summary of changes that are going to take effect on October 1, 2008 and the link below is the FAQ that accompanies …
pci_dss_summary_of_changes_v1-2.pdf
FAQ
There will be a follow-up post on this and its potential immediate impact on L1 and L2 retailers over the next few days.

PCI Philosophy / Approach, Retailers »

[18 Aug 2008]

StorefrontBacktalk - How To Sell PCI To Business Units.
Great post about how to get attention internally for information security and PCI projects.  Too often, info. security is seen as an IT problem or an Audit problem and the truth is, it’s a BUSINESS ‘problem’ that needs to be understood and addressed through business terms.
What we’re really talking about is ‘brand’ security - providing your customers peace-of-mind and a level of comfort that supports your brand in their purchasing universe.  Brand relates to sales, profits, marketing, etc. and brand is going …

Interesting, PCI Philosophy / Approach, Vendors »

[13 Aug 2008]

Dave Whitelegg has a blog that I’ve just stumbled on and the first article I see is this one:
IT Security Expert: Security is a Process, not a Product.
This is a great post and also contains a link to a great article by Bruce Schneier - here - the gist of things here should echo what I’ve been posting about - information security is not something that a vendor with a magic box is going to provide….
Security is a process, an integrated, holistic approach that incorporates technology, technology products, internal process, …

Interesting, PCI News »

[12 Aug 2008]

PCI Blog - Compliance Demystified » Blog Archive » Credit card theft indictments show why small crime matters.

PCI News, PED / Payment Terminals, Retailers »

[11 Aug 2008]

This article is interesting (as is the blog) particularly given the fact that a number of large retailers still don’t seem to take a holistic view of their security situation…  I used to be involved in a number of very large payment terminal deployments (and our company went through the key encryption certification process) and we were working with getting retailers to move to security debit terminals years ago….
I have my feelings regarding the mystery merchant, but we’ll have to see if I’m right when they (hopefully) step forward…
StorefrontBacktalk - …

PCI News, Retailers »

[11 Aug 2008]

The article at the New York Times …11 Charged in Theft of 41 Million Card Numbers - NYTimes.com.