Aug 13 2009
Thursday morning PCI articles
Not a lot of time to write at the moment, but that will be changing soon. So instead of giving you my own rant on a couple of issues, I’m going to point you to other people’s articles. Especially in the case of Rich Mogull’s response to an interview with Robert Carr from Heartland.
- MasterCard to fine Merchants for non-compliance – I think I’ve linked to this article before, but it’s a building block for the next article from Branden Williams
- MasterCard clarifies their position – The most important thing I see here is that MasterCard is saying no Level 1 or Level 2 merchants can self-assess from this point on, followed closely by the statement that a merchant must be compliant with PCI-DSS before taking MasterCard transactions. These are both very important, and in my opinion, good steps to take, but we should be hearing a lot of screaming and gnashing of teeth from the merchant community soon.
- Heartland CEO on data breach: QSAs let us down – Can you spell ‘personal responsibility’, Mr. Carr?
- An open letter to Robert Carr, CEO of Heartland Payment Systems – Rich does a better job than I could have done of tearing apart Mr. Carr’s comments about his company’s breach being the QSA’s fault. And I bet Rich doesn’t have nearly as much spittle on his screen as I would have had.
- One man’s view: Heartland CEO must accept responsibility – Mike Rothman’s probably the one man who’d be spitting and screaming at his screen more than I would when writing a response to Mr. Carr.
- Just Added! Will the real leader please step forward – I like Andy’s comment that “he should … take his golden parachute and go home”

[...] morning when I collected a bunch of PCI articles I thought people might be interested in, I thought that was going to be end of it. Not much [...]
[...] that the PCI DSS specifically calls out to protect against, this blows a pretty big hole in the case Heartland CEO Robert Carr made that his QSA let him down. We’ve known about SQL injection for years and there should be no need for a QSA to [...]