Payments Basics: Commerce Security Fundamentals
Very complex, detailed content. Whets the appetite for more.
It is probably best to start this post with a disclaimer. I am not a Qualified Security Assessor (QSA)... I do not sit on the PCI Security Standards Council... Rather, I am only one of the many voices discussing the importance of PCI-DSS and PA-DSS. As IP Commerce is a company that provides toolkits to ease the pain of payments integration, security is (understandably) of great import to us.
In the continuing vein that education is key, I worked with the Microsoft ISV Innovation team to provide web content giving an overview of the PCI-DSS and PABP (now PA-DSS) standards. If you are interested in listening to a recording of the event, the content is here. In addition, you can obtain a .pdf copy of the presentation at Commerce Lab.
Rather than repeat the content of the presentation in written form (and believe me, it is tempting)... I encourage you to read/listen/download/absorb via osmosis/whatever the content in the presentation. Again, I am only one of a number of voices discussing this topic. I would highly recommend the following for continued learning:
- PCI Blog – Compliance Demystified
- The Aegenis Group
- Coalfire
- Society of Payment Security Professionals
What’s your perspective? Agree? Disagree? Anything to add? Critiques?
The comment form is below. . .
July 21, 2008