Category Archive for 'Compliance'

PCI DSS: Merchant level

Apparently there is an ongoing misunderstanding regarding the difference in what you have to do when you are a level 1 or level 4 merchant. It is important to understand that ALL rules apply no matter your level, but the way you prove it to the auditor differs. The main issue is that if there […]

GPCI

Just want to share my joy regarding a certification. I do now possess GPCI, GIAC Payment Card Industry, from www.giac.org. Apparently number 50 worldwide.

During my years as a security consultant I have seen many solutions that make me wonder: “What were they thinking?” The last few weeks I have had the opportunity to learn a lot about the settlement transfers from POS (Point Of Sale) to the clearing house. In many cases they turned out to be good, but […]

PCI DSS: Credit cards in RAM

Today I got the question from a POS (Point Of Sale) vendor if it is OK to store the credit card numbers in the RAM of the computers. The issue from the POS-vendor was regarding the statement file that should be sent to the bank. Is it allowed to have the file unencrypted in memory […]

Logging and monitoring is a big issue in many compliance schemes today, not least PCI DSS. One very good tool for auditing and monitoring computer logs across heterogeneous platforms is Operations Manager 2007. If you are interested in this product, take a look at www.contoso.se. The founder and webmaster of that site, Anders Bengtsson, was […]

When I am out holding workshops regarding the implementation of PCI DSS, one of the first questions I ask is: Why do you save the information? It has turned out that not a single company has had the need to store the information for a longer time period than 10 minutes. Something to think of when you […]

Selecting a secure database

When looking at the requirements for PCI DSS it is quite obvious that you need a more or less hack-proof setup. This is all good and well, but during the latest years changes have been made in how a hacker works. Now it is not only the operating system that is attacked but the […]

Link about PCI DSS

Here is a nice link for PCI DSS information. It is quite useful as a starting point for your PCI DSS certification. http://pcianswers.com/2007/02/17/pci-awareness-month

PCI DSS

Are you using credit cards at your website or in some other part of your business? PCI DSS stands for Payment Card Industry Data Security Standard and is a rather technical approach to how you should protect your information. The fees and fines if you lose the credit card data are really high. How should you proceed […]
