Living Under Watchful Eyes as a Fraudster
The fallout from the news of the Global Payments breach may be just subsiding, but one thing can already be said – this probably isn’t the last processor that will be breached.
Our team thought it would be interesting to make a few predictions for the upcoming year related to payment security. Some (unfortunately) don’t require a crystal ball, but for many others, the decrypted answer from our secure Magic 8 Ball is probably “outlook not so clear”. I’ll offer five we feel pretty confident about this week, and another five in our next post.
In case you missed it last week, VMware announced their latest version of vShield App with Data Security, which has RSA’s DLP technology embedded to help discover and classify sensitive data in virtual machines. One of the key points here is that data discovery and classification capabilities are now built-in to the virtual infrastructure, making the virtual infrastructure content-aware for the first time. So you may ask, what’s the big deal about being built-in instead of bolted-on?
The PCI Security Standards Council recently made news when they announced that they would no longer be accepting mobile payment applications for PA-DSS compliance consideration. This means that vendors looking to certify new mobile applications or devices are now left in the lurch.
This topic seems to keep coming back, and it’s getting more frequent. I mentioned this as an element of Sin #2, Compensating Control Chaos, in my recent paper, and more companies are coming to my team to help them through an inexperienced QSA’s assessment. The worst part is that it is a self-fulfilling prophecy. If you squeeze the dollars you pay a QSA, they will squeeze the quality and thoroughness of what you are getting.
Staying at the Venetian/Palazzo in Las Vegas last week for EMC World, I was struck by the amount of personal information they must be managing for the guests in their 7,000 suites. Even with repeat guests, they could well average 10 individuals per week per suite, well into the millions of guests per year. And [...]
Let’s use the RSA Conference as a starting point for changing our thinking in 2011
Five years from now, I think we will look back at 2010 as the beginning of a revolution in the way merchants interact with credit card data.
Thanks to a reader who gave me an idea for a blog post! You can suggest your own topics here. Mobile payments means a lot of things to a lot of people. Is it paying for things with that fancy iPhone app? Is it a Wi-Fi or cellular linked payment terminal? Is it paying for [...]
Even before the recent PCI Community meeting, one of the most frequent questions I’ve been asked is about how tokenization reduces PCI scope. Actually, it is usually a merchant asking specifically about how tokenization helps them reduce PCI scope. I will share three ways that using tokens helps a merchant deal with the costs of PCI.