Category archives: Security
Heartland Processor Breach: 3 indictments announced
Let’s begin with the relevant links: "Three Alleged Hackers Indicted in Large Identity-Theft Case" (Washington Post), and the actual text of the indictment. There are a few items of interest in the indictment worth noting.
Payment Application Security: does it matter?
I spend a fair amount of time discussing security and compliance. In particular, surrounding the details of achieving PCI and PA-DSS. But, more broadly, that compliance is an outcome of a risk-based approach to security. In these discussions, I’ve noticed… continue reading »
Hosted Payment Page and PCI Compliance
Synchronicity is, quite possibly, one of my favourite albums ever produced. It is also, according to Wikipedia: two or more events which are causally unrelated occurring together in a meaningful manner. I experienced just such a series of events today.… continue reading »
The Assumption of Connectivity
At present, I’m sitting (somewhat cramped) on a flight for a partner meeting tomorrow…typically, I travel with one carrier (United) as it makes managing the Frequent Flyer programmes substantively easier (and of greater benefit to me*). For this flight, however,… continue reading »
Another Processor Breach: say it isn’t so
I have heard from many of the folk I interact with frequently (security folk, payments folk, developer folk, other folk) regarding the newly rumoured processor breach. Many have asked if I have any information…or know something that others may not.… continue reading »