Category archives: Security

Heartland Processor Breach: 3 indictments announced

Let’s begin with the relevant links: Three Alleged Hackers Indicted in Large Identity-Theft Case – Washington Post The actual text of the indictment There a few items of interest in the indictment worth noting.

Payment Application Security: does it matter?

I spend a fair amount of time discussing security and compliance. In particular, surrounding the details of achieving PCI and PA-DSS. But, more broadly, that compliance is an outcome of a risk-based approach to security. In these discussions, I’ve noticed… continue reading »

Hosted Payment Page and PCI Compliance

Synchronicity is, quite possibly, one of my favourite albums ever produced. It is also, according to wikipedia: two or more events which are causally unrelated occurring together in a meaningful manner. I experienced just such a series of events today.… continue reading »

The Assumption of Connectivity

At present, I’m sitting (somewhat cramped) on a flight for a partner meeting tomorrow…typically, I travel with one carrier (United) as it makes managing the Frequent Flyer programmes substantively easier (and of greater benefit to me*). For this flight, however,… continue reading »

Another Processor Breach: say it isn’t so

I have heard from many of the folk I interact with frequently (security folk, payments folk, developer folk, other folk) regarding the newly rumoured processor breach. Many have asked if I have any information…or know something that others may not.… continue reading »

« older posts newer posts »