Steps to Take to Reduce the Anxiety of Paying Online
Last year, 92 million people bought things online using credit cards, debit cards and services like PayPal and Google Checkout. Millions of others paid bills and wired money electronically from bank accounts with just a few clicks. Despite the apparent popularity of all these services, they still cause nagging anxiety for many of us. We wonder, how secure are these payment systems? Will I be out the money if someone steals my account numbers and goes on a wild shopping spree or bleeds my savings dry? Deciding which online payment method to use would seem to be a simple matter of picking whichever offers higher security. But the wise consumer also weighs the legal protections in the case of theft: the best security and the lowest liability don’t necessarily go together. Here’s the lowdown on the risks associated with the most popular ways to pay online:
via Steps to Take to Reduce the Anxiety of Paying Online – NYTimes.com.
PCI and the Art of the Compensating Control – CSO Online – Security and Risk
This guide to compensating controls is excerpted from chapter 12 of PCI Compliance by Dr. Anton Chuvakin and Branden Williams (Syngress, 2009). For a full sample chapter, see http://www.pcicompliancebook.info/
Information in this chapter:
* What is a Compensating Control?
* Where are Compensating Controls in PCI DSS?
* What a Compensating Control Is Not
* Funny Controls You Didn’t Design
* How to Create a Good Compensating Control
Few payment security professionals can find a hotter PCI DSS topic than compensating controls. They always look like a mythical accelerator to compliance, used to push PCI compliance initiatives through to completion at minimal cost to your company with little or no effort.
Compensating controls are challenging. They often require a risk-based approach that can vary greatly from one Qualified Security Assessor (QSA) to another. There is no guarantee a compensating control that works today will work one year from now, and the evolution of the standard itself could render a previous control invalid.
The goal of this chapter is to paint a compensating control mural. After reading this chapter, you should know how to create a compensating control, what situations may or may not be appropriate for compensating controls, and what land mines you must avoid as you lean on these controls to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS).
via PCI and the Art of the Compensating Control – CSO Online – Security and Risk.
Profit Margins – Project Management Awareness Needed | MyProjectTracker – The Blog
“A profit margin on my project? – sure I got paid, isn’t that all that matters.” — End quote.
I’ve heard this four times in as many days and it is the theme tune of many small and not-so-small enterprises who are grateful for having cash flow. Big, big mistake. I call it Profit Margin Shame (PMS – what did you think I was talking about?)
When people (outside of big business) are asked about profit margins, the reaction can be one of embarrassment on the part of the business person. It is considered to be politically incorrect to even recognise the possibility that your company is making a profit and, by inference, a margin on every sale that you make.
Why is this? Margins are key to every business’s survival. Margins enable your business to grow and to continue to give your customers the quality of service that you aspire to deliver.
I would much rather know that a business I was dealing with was doing well, as it instills confidence on two fronts:
* the rather obvious “well at least they are going to stay in business while they are doing my job”
* but also the rather less obvious “they are making money, so therefore they have provided good service to their previous customers”.
Many believe that if a customer is aware of the fact that they make money/profit, that the customer will squeeze them on their delivery costs.
Really? Will they do that too much? Sure – they will haggle because that’s what is expected, but most customers are happy with value and will not contest a bill if they believe that they are getting this.
The trick for margins is to make sure that you deliver value and this is factored into your price.
How many times have you “covered your costs” to win the business (including your own time)?
More importantly, how many times have you not actually figured out how much it is going to cost you to do a job and just gone with the flow – this absence of margin calculation is a common theme amongst small enterprises in particular.
If you had considered a margin, how would your business have improved? How would your customer have benefited? What new concepts could you have researched and developed? Oh, and how will you stay in business?
Margins – you need them!
via Profit Margins – Project Management Awareness Needed | MyProjectTracker – The Blog.
Why 41 Percent of You Would Fail a PCI Audit – CSO Online – Security and Risk
Security vendors are launching a gazillion products this week at RSA Conference 2010, but hidden in all of those press releases are a few nuggets that illustrate the big picture trends. Here are a few of the more interesting items found in the press room this morning:
QSAs: 41 Percent of Companies Would Fail PCI audit
New research from The Ponemon Institute suggests nearly half of the companies out there would bomb a PCI security audit.
The report says that while only two percent of businesses outright fail compliance audits, 41 percent would fail if unable to rely on temporary compensating controls to meet Payment Card Industry Data Security Standard (PCI DSS) requirements. These alternative routes to compliance must meet QSA approval, but they may be just temporary fixes or be eliminated by future changes to PCI DSS. Their prevalence appears to indicate businesses are still coming up to speed with the security standard introduced in 2006.
via RSA 2010: Why 41 Percent of You Would Fail a PCI Audit – CSO Online – Security and Risk.
Average Annual Cost of PCI Compliance Audit? $225k – CSO Online – Security and Risk
Merchants that undergo network audits to ensure compliance with the Payment Card Industry Data Security Standards are paying an average of $225,000 each year — and 10% of these businesses are paying $500,000 or more annually, according to a new study. In spite of that, 2% of them fail these audits. The study, conducted by The Ponemon Institute under sponsorship of Thales, surveyed 155 qualified security assessors (QSAs) worldwide who are authorized by the PCI Security Standards Council to conduct these annual technical reviews of the largest merchants’ networks. The QSAs were asked to share information about how much their customers are spending on annual PCI audits, which are required by banks and card associations, such as Visa or MasterCard, to be allowed to process payment cards. With $225,000 to $500,000 spent annually on a PCI audit, “that’s a large chunk of change to be doing each and every year,” says Dr. Larry Ponemon, the Institute’s founder. That cost doesn’t include the technology changes and the operating and staff costs associated with the audit, according to the survey. Ponemon notes that sometimes the annual PCI audit “leads to a better security posture, but not always.”
via Average Annual Cost of PCI Compliance Audit? $225k – CSO Online – Security and Risk.