Archive for May 2nd, 2008

PCI DSS

Just attended a PCI-DSS workshop organized by VISA, wow, sure was worth it.  Have read the PCI-DSS docs a number of times but the whole classroom experience was very valuable.

Some important items worth noting:

  • The idea behind the PCI program is to “Render the credit card data unreadable”; the ways you can accomplish this are encryption, hashing, and truncation.
  • PCI DSS - Is the standard itself
  • AIS - Is the enforcement program
  • Data that can never be stored, unless you are a credit card issuer:
    • Mag-stripe data
    • CVV2
    • PIN/PIN Block
  • As per the requirements, you must notify your acquirer of a possible breach within 24 hours
  • PCI DSS has about 230 requirements
  • PCI DSS is based on fundamental data security practices:
    1. Data controls
    2. Network controls
    3. System level controls
    4. Application controls (Code reviews, app testing)
    5. Policies
    6. Physical Controls
  • VISA is moving PABP from “best practices” into a formal security standard managed by the PCI SSC as the Payment Application Data Security Standard (PA-DSS)
  • PCI Security Standards Council, launched in September 2006, is a global forum for the ongoing development and enhancement of security standards for account data protection, including the PCI DSS
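The “render it unreadable” point and the list of data that may never be stored are easy to get wrong in code, so here is an added example (my own illustration, not material from the workshop, VISA or the PCI SSC). It assumes a hypothetical transaction record represented as a dict and a constructed hash key; the test card number 4111 1111 1111 1111 is a well-known dummy value. It shows truncation (first six and last four digits kept), a keyed hash of the PAN, and a storage filter that drops mag-stripe, CVV2 and PIN fields before anything is persisted.

```python
import hashlib
import hmac
import re

# Hypothetical secret used to key the PAN hash. Constructed for this example only;
# in a real deployment it would live in a key-management system or HSM, never
# next to the data it protects.
HASH_KEY = b"example-key-do-not-use-in-production"

# Fields the post lists as never storable after authorisation unless you are the issuer.
PROHIBITED_FIELDS = {"track1", "track2", "mag_stripe", "cvv2", "pin", "pin_block"}

# A PAN is 13 to 19 digits once spaces and dashes are removed.
_PAN_RE = re.compile(r"^\d{13,19}$")


def normalize_pan(pan: str) -> str:
    """Strip separators and reject anything that does not look like a PAN."""
    digits = re.sub(r"[ -]", "", pan)
    if not _PAN_RE.match(digits):
        raise ValueError("not a plausible PAN")
    return digits


def truncate_pan(pan: str) -> str:
    """Truncation: keep at most the first six and last four digits, mask the rest."""
    digits = normalize_pan(pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def hash_pan(pan: str, key: bytes = HASH_KEY) -> str:
    """Keyed hash (HMAC-SHA-256) of the PAN.

    An unkeyed SHA-256 of a PAN is not enough: the space of valid card numbers
    for a known BIN is small enough to enumerate, so a secret key is what makes
    the digest non-reversible to anyone who does not hold the key.
    """
    digits = normalize_pan(pan)
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def prepare_for_storage(record: dict) -> dict:
    """Return a copy of a transaction record that is safe to persist.

    Prohibited fields are dropped outright, the PAN is replaced by its
    truncated form plus a keyed hash (usable for matching repeat cards),
    and every other field is passed through unchanged.
    """
    stored = {}
    for name, value in record.items():
        key = name.lower()
        if key in PROHIBITED_FIELDS:
            continue  # never written, not even masked
        if key == "pan":
            stored["pan_masked"] = truncate_pan(value)
            stored["pan_hmac"] = hash_pan(value)
            continue
        stored[name] = value
    return stored


if __name__ == "__main__":
    # Constructed sample record; the card number is the standard test value.
    sample = {
        "pan": "4111 1111 1111 1111",
        "cvv2": "123",
        "track2": ";4111111111111111=2512101...?",
        "amount": "10.00",
        "merchant_ref": "ORDER-42",
    }
    print(prepare_for_storage(sample))
```

The filter is deliberately allow-by-default for fields it does not recognise, so the prohibited list has to be maintained against whatever field names your own systems actually use; a stricter design keeps an explicit allow-list of storable fields instead.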

VoIP Phone woes

Came across this news article, VoIP tragedy underlines need for up-to-date information: a child died only because the parents chose to use a VoIP phone.  VoIP services provide a load of features for a very low price compared to the conventional phone system (POTS).  Consumers are always shopping for a bargain with all the features, but VoIP also has some drawbacks; from its inception it has had issues with 911 service.

Because of the portability of this type of phone service it becomes difficult to locate where the service is being consumed, unless the user takes care to ensure their address and other details are updated as they move.  With POTS-based phones, unless you submit a request to move the service, you will not get it at the new address, and since you are moving there are other address changes to make as well.

With the advent of “PAPERLESS” bills, which we receive via email, the snail mail address no longer has any bearing.  If you can get to the internet, you get your phone bill and your other bills too.  Hence users who rely heavily on the internet for their bills via email, and pay them via internet banking, no longer need a snail mail address at all.

In my opinion this whole internet thing is good from a convenience point of view, but like everything else it has its drawbacks, which consumers do not realize, and by the time they realize it is too late, as in this case where a baby died.

BTW, cell phones share the same issues as VoIP from a 911 perspective.  Triangulation is one method of locating a subscriber, but it is still not as accurate as the good old POTS.

I shall use POTS as long as my provider is willing to provide it, and hopefully by the time they withdraw the service VoIP and cell phone service will have matured from a process and tracking perspective.