
Second Annual Payment Card Industry Community Meeting - Oh What a Difference A Year Makes!

Sep 30, 2008


Held at the Omni Resort in Champions Gate outside of Orlando, this year's meeting showed great strides in moving the Payment Card Industry initiative ahead toward its goal of minimizing criminal activity in the area of card data fraud.

The best speaker was Kimberly Peretti of the United States Justice Department. She talked to us about the work they do in catching and prosecuting the global gangs who perpetuate the growing criminal activity of "carders" for profit.

The "carders" are a fascinating bunch and work to steal cardholder data any way they can to line their pockets with gold... actually it was e-gold... but hurray for the good guys... They busted e-gold.

So we are making progress in our quest to make it so tough for criminals to gain access to cardholder data that they will turn away. Ah yes, I am the eternal optimist or I wouldn't be engaged in the all too frustrating business of getting all of our merchants PCI DSS and PA-DSS compliant.

The other great news is that the Security Council has formalized our Quality Assurance Program for assuring consistency among the QSAs, PA-QSAs, and ASVs in assessing and certifying merchants. Without consistency in how we assess and certify merchants to the current PCI requirements, we won't have a hope of deterring the criminals.

And even better news is that the Card Brands recognize the rapidly increasing SQL injection and other types of breaches occurring with the level four merchants and are moving to enforce that all level four merchants must have their own valid PCI compliance certificate.

The Card Brands, like Visa, MasterCard and American Express, recognize that it isn't enough to be processing through a PCI compliant service provider, because although THAT back door is locked through the service provider's valid PCI certificate... the front door is being left wide open by not having assurance that a level 4 merchant, or any merchant for that matter, has their own PCI compliance certificate showing that their physical environment, web-site, web-hosting network and third party suppliers are all meeting the PCI DSS and PA-DSS requirements.

Could any of you reading this imagine going out and locking the back door to your home but leaving the front door open, and just hoping the criminals will only try to steal everything you have by testing the back door and not the front door? It is hilarious to even consider that you would do that, but in fact that is what we have done in our industry.

Further to that, we are finally moving on enforcing that the Web Hosting companies become PCI Compliant, as they are a huge risk to online security by not ensuring that their servers and systems are maintained daily to PCI requirements. Criminals are able to attack thousands upon thousands of vulnerable sites because web hosting companies have not come to the table on the PCI DSS standards.

To lock down our industry and make it so difficult for the criminals to steal and profit from us requires a collective and collaborative effort from every area in our industry: Web-hosting companies, Merchants, Law enforcement, the Card Brands and Industry Security Experts. Our second annual PCI community meeting showed clearly that our collaborative meeting of the minds, action policies and initiatives are working to turn what have been reactive responses to criminal activity into a proactive offensive strategy. Although we are losing some of the battles right now, we will, as we continue to amass our more than considerable brain power together, win this War on Criminal Activity!

I can assure you that my team and I will never give up working together with our peers to assure that our Internet industry is secured for all generations now and in the future.
