The WiKID Blog

Viewing posts tagged Security and Economics

Best Practices

There were a number of tweets yesterday about "best practices".  This took me back to Adam Shostack's post at New School on his best practice: Think.  Now I am throwing my hat in the ring with:

More on PCI: The Costs of Credit Card Fraud

For all the circus atmosphere of the PCI debate at Shmoo, I got the feeling that most everyone agreed: PCI is getting the worst security offenders up to speed. There is no guarantee that they are 'doing it right', but most are doing it better. If the payment system had been designed correctly, then all of this effort to secure payment data would not be necessary. Sadly, it is too late to fix this because of cost. Oh, wait. Stop. Actually, that last point was somewhat contentious.

The Great PCI Debate from Shmoocon

I really enjoyed the PCI debate at Shmoocon, but probably because it was more circus than it should have been. (Here's another summary from Anton Chuvakin.) The pertinent points I came away with were:

Re-Designing PCI

I'm by no means a PCI expert, but I find the area of great interest and not just because it gets companies buying two-factor authentication systems (and current customers to update ;). It is a fascinating market to analyze.

Agency problems in the PCI world?

If you are a PCI QSA or a PCI merchant or processor, you might enjoy this article about the relationship between the QSA and the client. The entire PCI ecosystem is quite fascinating. There's definitely potential for an agency issue in that QSAs are paid by their clients to enforce the PCI Council's regulations.
