Jan 09 2009
I recently asked on Twitter for names of blogs/bloggers who covered the Payment Card Industry and found a few new blogs thanks to the replies. I started a list that came to a little under a dozen sites that cover PCI fairly regularly. Well, my little list is blown away by a list of banking and payments blogs over at Payments News.com. A lot of the sites they list don’t cover PCI, but the majority of them at least hit on it from time to time.
Here’s a link to their list and mine:
- Payments News: Updates from other banking and payments blogs.
- PCI Answers – A good place to start
- Michael Farnum, An Information Security Place – Watch out, Michael works for a competitor
- Anton Chuvakin, Security Warrior – Also works for a competitor
- Ron Gula, Tenable Security – In depth discussion of how his products can help with compliance
- David Bergert, Payment Systems Blog
- BrainTree Payment Solutions – This one’s new to me
- Update: Walter Conway suggests I add the Treasury Institute for Higher Education. I’ve had Walter’s work pointed out to me before.
- Update 2: A couple more suggestions: Perimeter eSecurity and Trey Ford – Security Spin Control
- Update 3: Chris Hayes sometimes writes about PCI at Risktical Ramblings
- Update 4: Payment Card Security & IT Controls Explained, PCI DSS Compliance Blog, Branden Williams’ Security Convergence and Storefront Backtalk
And to finish it off, here’s a good article about how to choose a PCI DSS QSA auditor. James DeLuccia is basically telling potential clients to slow down and set some ground rules with the auditor and the company before you sign any paperwork. Be certain you understand exactly what you’re getting and what you’re not getting with a particular auditor or company. This article does assume you’re working in a company that’s big enough to have a separate Internal Audit department, but most of the lessons can scale down to a company with a security staff of one.