Perhaps it is best if I start this entry with a disclaimer. <disclaimer> I am not, and do not pretend to be, a security expert.  If you need the advice and assistance of a Qualified Security Assessor (QSA) or other security firm specializing in compliance, they are listed on both the Visa and PCI Security [...]

PABP has officially been accepted by the PCI Security Standards Council and will become PA-DSS.  The announcement, which can be read here, represents a MAJOR change in how data is protected when processed in (or perhaps through) software applications. This announcement, particularly when taken in light of the recent Visa mandate, is a strong statement [...]

Last week I had the opportunity of joining Pat Callahan, of Practical eCommerce, in a discussion about Payment Card Industry – Data Security Standards (PCI-DSS). In this discussion we touch on the topics below, among others. What is PCI? Is it mandatory or voluntary? How can you tell if a site is adhering to PCI? [...]

I spoke, briefly, in my last entry about the concept of a Rich Internet Application (or RIA).  Quite possibly the best example, that I’m familiar with, is that of eBay Desktop. In perusing the Web 2.0 presentations (last April), I stumbled upon a presentation from Alan Lewis.  You can read more about the presentation, and [...]