Steps to Take to Reduce the Anxiety of Paying Online
Last year, 92 million people bought things online using credit cards, debit cards and services like PayPal and Google Checkout. Millions of others paid bills and wired money electronically from bank accounts with just a few clicks.

Despite the apparent popularity of all these services, they still cause nagging anxiety for many of us. We wonder, how secure are these payment systems? Will I be out the money if someone steals my account numbers and goes on a wild shopping spree or bleeds my savings dry?

Deciding which online payment method to use would seem to be a simple matter of picking whichever offers higher security. But the wise consumer also weighs the legal protections in the case of theft: the best security and the lowest liability don’t necessarily go together.

Here’s the lowdown on the risks associated with the most popular ways to pay online:
via Steps to Take to Reduce the Anxiety of Paying Online – NYTimes.com.
PCI and the Art of the Compensating Control – CSO Online – Security and Risk
This guide to compensating controls is excerpted from chapter 12 of PCI Compliance by Dr. Anton Chuvakin and Branden Williams (Syngress, 2009). For a full sample chapter, see http://www.pcicompliancebook.info/
Information in this chapter:
* What is a Compensating Control?
* Where are Compensating Controls in PCI DSS?
* What a Compensating Control Is Not
* Funny Controls You Didn’t Design
* How to Create a Good Compensating Control
Few payment security professionals can find a hotter PCI DSS topic than compensating controls. They always look like this mythical accelerator to compliance used to push PCI Compliance initiatives through completion at a minimal cost to your company with little or no effort.
Compensating controls are challenging. They often require a risk-based approach that can vary greatly from one Qualified Security Assessor (QSA) to another. There is no guarantee a compensating control that works today will work one year from now, and the evolution of the standard itself could render a previous control invalid.
The goal of this chapter is to paint a compensating control mural. After reading this chapter, you should know how to create a compensating control, what situations may or may not be appropriate for compensating controls, and what land mines you must avoid as you lean on these controls to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS).
via PCI and the Art of the Compensating Control – CSO Online – Security and Risk.
RSA 2010 EXCLUSIVE PCI Security Standards Council Interview
At RSA 2010, I was given a unique opportunity to interview Bob Russo, GM at PCI SSC, and Troy Leach, CTO at PCI SSC. I had prepared a deck of very tough questions and then had an hour-long discussion with Bob and Troy around those questions. What follows is the interview reconstruction from my notes, with minimal edits and clarifications by the Council folks.