
Monthly Archives: May 2010

PCI PTS 3.0 updated – is consolidating requirements better?

The Payment Card Industry (PCI) Standards Council (https://www.pcisecuritystandards.org/index.shtml) has published the latest version of its security requirements for card-based transactions.  Updated standards have been published for Point of Sale (PoS) devices.

Directly from the PCI Security Council:

Until now there were three separate sets of requirements for Point of Sale PIN Entry Devices (PED), Encrypting PIN Pads (EPP), and Unattended Payment Terminals (UPT). Version 3.0 simplifies the testing process and eliminates overlap of documentation by providing one modular security evaluation program for all terminals and a single reference listing of approved products.

So instead of having three relatively similar sets of requirements, there is one overarching requirement. Does that mean that we've played to the lowest common denominator? I don't think so. Looking at the requirements, there appear to be strong requirements around secure reading and data exchange for devices. While this doesn't seem to be a huge stretch for PED (PIN Entry Devices) and UPT (Unattended Payment Terminals) devices, it may be more than most are used to for EPP (Encrypting PIN Pads).

The real changes are centered around the new modules of evaluation criteria.

The first, entitled, Open Protocols, applies to Internet Protocol (IP) or to wireless enabled devices. The Secure Reading and Exchange of Data (SRED) module facilitates testing of the secure reading and encryption of cardholder data at the point of entry, and the third module, Integration, is designed to address the integration of components in an unattended POS PIN acceptance device.

The Secure Reading and Exchange of Data module seems to directly address the issues we saw come from the Heartland breach. Encrypting from the endpoint can help to lessen the exposures that allowed the Heartland data to be stolen.

The Integration module should provide a standard for how processors can attach to and interact with the device, and the Open Protocols module finally calls out some wireless standards.

This is targeted directly at devices that are built for payment cards, so it's likely we'll see additions or changes to the PCI DSS standard that are similar to or support these.

 

Posted on May 14, 2010 in PCI, PIN, Security, Technology

 


Verizon to make an iPad killer… filed under is this really news?

http://preview.bloomberg.com/news/2010-05-11/verizon-wireless-is-in-talks-with-google-about-developing-tablet-computer.html

Is anyone surprised that another company is planning to make a touch screen tablet?

Anyone surprised that Verizon wants a piece of this market?

Anyone surprised that Google is planning to use its Android platform for a larger touch screen device?

You shouldn't be. Microsoft introduced a touch screen "tablet" device back in 2001. Many manufacturers produced PDAs of various form factors, and eReaders have been around for at least a couple of years. Heck, even Apple has been down this road before with the Newton in 1987 (yes, that's 87). Even though it was 20 years later when Apple introduced the iPhone, there exist some similarities in the "look" of the platform.

Anyway, back to the iPad killer…

I still stand by my argument that we need this type of computing platform.  (yes need) To expect other vendors to not enter this market space would be naive.  How many new MP3 players hit the market after the iPod was released?  How many other touch screen mobile devices have been introduced in the three years since the iPhone was introduced?  So we should absolutely expect someone to want to compete in this market space.  And that’s a good thing.

Apple has legitimized the market space for this type of device. While talking it down for years, saying a complete and "user friendly" device did not exist, they managed to suppress the market with marketing and now have opened up that space. Lest we forget that Palm, the guys who really made the PDA popular, have had the WebOS, which runs their Palm Pre device and is now rumored to power the new HP Hurricane device (which may or may not successfully run Flash).

I will be interested to see the Android based device, as well as the WebOS device.  I stick by my earlier article in that the platforms need to not only be intuitive, but must almost manage themselves for them to really take hold and displace any traditional device (laptop).

So the best I can really say to any article about the iPad killer is... REALLY? It must be a slow news day. I could probably create that story on any given day:

  • GM introduces Ford truck killer!
  • Cheese Cake Factory introduces Friday’s combo killer!  (wait, I might like that)
  • GAP introduces Levis jeans killer!

Get the idea?

At best I think it’s probably a good search engine technique vs an article title (heck, I’m giving it a try).

I guess it's just a matter of being first to market or at the top of the market. One way or another you are a target and someone will be aiming for your spot. The odd thing is, this market has existed for years; it's just that no one outside the "geek" community really paid any attention to it.

Maybe all the Appleholics are right, you don’t really need it until Steve says you need it….

 
