PCI search terms and their meaning (1)
by Michael Dahn on PCI Blog - Compliance Demystified, 2 weeks, 5 days ago
From time to time I check out the search terms that bring people to this blog. Instead of just posting them, I’m going to do a little interpretation of what they might mean about the individual. “not pci compliant” - Concerned merchant that has just been notified they need to get P-C-I compliant. Could also be a service provider whose clients say they will not work with them due to them being “not pci compliant.” ...
PCI DSS Webinar on version 1.2 (1)
by Michael Dahn on PCI Blog - Compliance Demystified, 3 weeks ago
Did you miss the PCI SSC’s webinar on PCI DSS version 1.2 in November? Did you miss the Community Meeting in Orlando or Brussels? Do you still want to learn about the changes and updates to the PCI DSS standard? There is one more Webinar you can attend on December 17, 2008. Walt Conway reminds us that: The webinars will be 1-hour, and they are aimed at merchants and service providers. Bob Russo and ...
Technology is not the answer to compliance (1)
by Michael Dahn on PCI Blog - Compliance Demystified, 3 weeks, 2 days ago
I want to take a stand against people who preach technopliance. Technopliance is the belief that compliance only comes through technology, and that getting the wrong technology will make you non-compliant. I’ve always said that technology will not make you compliant or non-compliant, but properly configured technology can reduce risk and help protect cardholder data. Last year, people said virtualization would break compliance. This year, people said cloud computing would break compliance. And every day ...
CPISM and CPISA certified individuals (1)
by Michael Dahn on PCI Blog - Compliance Demystified, 3 weeks, 6 days ago
This week a lucky few people are in Dallas, TX sitting for either the CPISM exam, CPISA exam, or both! Mike Dahn and Dr. Heather Mark taught the CPISA 1-day boot camp, and Chris Mark and Dr. Heather Mark are teaching the 2-day CPISM boot camp. Tomorrow, participants from both classes will sit for the certification exams. (The CPISA entrants sit for both the CPISA and CPISM boot camp classes, as it is an expansion ...
Cloud computing security and PCI (2)
by Michael Dahn on PCI Blog - Compliance Demystified, 1 month ago
A few days ago I began a conversation with a friend about cloud computing security, because I wanted to know the answers to some pressing questions. What I learned from this conversation is that (1) cloud computing is still in its infancy, and (2) people are still confused about regulatory compliance issues. (Damon at StartupSecurity.info has a great site I recommend you check out.) First, let me say again, as I always do, that regulatory ...
Skimming not a violation of PCI DSS (3)
by Michael Dahn on PCI Blog - Compliance Demystified, 1 month ago
It is important to remember that credit card skimming is an entirely different type of fraud than what the PCI DSS is meant to protect against. Remember that the PCI program has several sub-sections: PCI DSS, PCI PED, and PCI PA-DSS. Each of these is meant to address a different piece of the pie. The PCI DSS is meant to protect against the electronic and paper theft of credit card data within an organization. This ...