Archive for November, 2008

 
Posted (db) in General on November-24-2008

Let’s see what wordle has to say:

11-24-2008 9-33-37 AM



 
Posted (db) in General on November-21-2008

Since it is a Friday, I thought I’d share a clip that a friend forwarded to me:

Anybody that is "technical" should enjoy this:

The Knack: "It’s a rare condition characterized by an extreme intuition about all things mechanical and electrical."



 
Posted (db) in CPISM, PA-DSS, PABP, PCI on November-6-2008

In preparation for the CPISM certification, I spent about 3 hours a few weeks ago going through the May 2008 CPISM Study Guide and created files of the material referenced in the CPISM Study Guide in PDF form.

Here is a link to the CPISM Study Guide Materials [~20 MB] 

You can read more about the CPISM here.



 
Posted (db) in PABP on November-6-2008

While scanning through my RSS feeds this morning (which I have neglected in the past few weeks), I ran into a PABP product release. Let me just include the relevant portions here and not list the company name.

_______________ is a PCI PABP v1.4 (Payment Application Best Practices) validated payment application, Visa USA accepted _______________ as validated based on the review by Trustwave, a well known QSR. _______________ runs on Windows 98 through Windows Vista and supports _________________________________________________________.

Two things struck me:

  • Trustwave is a QSA (actually a PA-QSA in this role), not a QSR (Quick Service Restaurant?).
  • Windows 98? Windows 98 is not secure, is at End-of-Life (July 2006), does not receive new security patches, and is not something that I would recommend to anyone implementing a new payment application.

How can a payment application be PABP compliant on a non-secure, unsupported, EOL’ed OS? Interesting…



 
Posted (db) in General on November-5-2008

This week I’m in Dallas, TX, and today, tomorrow and Friday I’m in CPISM Training for two days and take the CPISM exam on the last. The instructor is Chris Mark, the same gentleman who did the QSA training that I attended in San Mateo, CA. I’m looking forward to meeting some more folks in the payment space as well as learning a few new things. Also, wish me luck on the exam :)

 

 

Here is a link for more info on the Certified Payment Card Industry Security Manager (CPISM)

The following are the topics that I get to refresh myself on:

  • Payment card industry structure
  • Payment card structure and data
  • Payment card transaction processing
  • Compromise fraud statistics and trends
  • Merchant risk analysis
  • Laws and the regulatory environment
  • Payment card security programs
  • Third party relationships