Sister CISA CISSP:

PCI DSS


June 30, 2009  5:12 PM

MasterCard Ups the Compliance Quality of PCI DSS



Posted by: Arian Eigen Heald
Compliance, PCI, PCI DSS

I've written before about how the Payment Card Industry's (PCI) Data Security Standard (DSS) has some loopholes that make it easy to look "compliant" and therefore "secure." In order to comply with the DSS requirements, merchants can do one of three options: 1. their own self-assessment report...

April 15, 2009  7:01 PM

The Beginning of the End for PIN Codes



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, PCI DSS, Security Devices

Yesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINs. This "minor detail" was buried in an affidavit...


March 17, 2009  2:13 AM

The Emperor Has No Clothes



Posted by: Arian Eigen Heald
Data Breaches, PCI DSS, Start Laughing Now, Tearing My Hair Out

Visa is in a difficult position: it has said that merchants must be compliant, and the ultimate threat is to pull processing permissions from non-compliant merchants. But if one of the merchants turns out to be a payment processor that generates huge profits for Visa, do they cut off their nose...


March 12, 2009  8:50 PM

You May Not Want to Know, But…..



Posted by: Arian Eigen Heald
Data Breaches, PCI DSS

If you are wondering if your banking institution has been affected by the Heartland breach, you can visit bankinfosecurity.com's web page (updated daily) tracking the number of institutions announcing they have been affected by the...


March 9, 2009  11:59 PM

ATM Heists Grow in 2007 and 2008



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, PCI DSS

A story on Wired came out recently about a $9 million ripoff of RBS WorldPay. Further reading on Wired led me to articles about, variously, a cracking of an ATM network in 7-Eleven stores that linked to


February 26, 2009  2:33 PM

Another Big Processor Breach, But Nobody is Talking



Posted by: Arian Eigen Heald
Data Breaches, information security, PCI DSS

Word is rampant on blogs and security portals that another processor breach (in addition to Heartland) has occurred. Banks are being contacted by Visa and Mastercard to replace credit cards as well as ATM cards. The latest, from


January 20, 2009  9:03 PM

Hannaford Redux – Another Break-in From the Inside



Posted by: Arian Eigen Heald
Data Breaches, PCI DSS, Security

The sixth-largest US credit card payment processor, Heartland Payment Systems, has just acknowledged that their payment systems have been breached. The discovery of...


December 9, 2008  9:27 PM

Check out the New PCI Standards



Posted by: Arian Eigen Heald
PCI DSS, Security

The new PCI (Payment Card Industry) Data Security Standards, Release 1.2, came out in October and are worth a look. They've added some updated recommendations (like getting rid of WEP entirely by 2010), and I especially liked some of the following features: Compensating...


November 25, 2008  2:57 PM

Data Breaches and Business Liability Part I



Posted by: Arian Eigen Heald
Compliance, Data Breaches, HIPAA, Identity theft, IT audit, PCI DSS, Security

The most significant financial impact of identity theft has yet to be examined. I believe that the risks to business and other institutions now include legal, reputation, financial and compliance risks that cannot be transferred. Victims of identity theft are looking to recoup their financial...


October 10, 2008  2:12 PM

ATMs Redux – Why I Don’t Use My Debit Card



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Hardware & InfoSec, PCI DSS, Security

In a previous post about Automatic Theft Machines I commented on the worrisome rise in skimming with these machines. Now, to add to our pain, we should be concerned about gas station pumps,...

