jump to navigation

EMV- CHIP & Choice..not Chip & PIN…Start Moving! March 23, 2015

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

platinum11chip_fr_h_1987After deviating from my ‘security’ theme, I am back to talk about InfoSec.  Last week I had the opportunity to attend Visa Accredited EMV Consultant Training at Visa’s Headquarters in Foster City, CA.  As always, Visa put on a top tier program with numerous experts in Payment Card ‘chip’ technology.  Since the topic was EMV most of the experts were from Across the Pond.  Thanks to Mark, Chris and the others for great training!

For those who are new, EMV or “Europay, MasterCard, Visa” is a technology where a microprocessor ‘chip’ is embedded in a payment card (credit card, debit card, etc.).  It is often erroneously referred too as “Chip & PIN” but EMV really only applies to the Chip technology.  If a region or issuer wants to prefer PIN, they are able.  Visa has a “Chip and Choice” model where they allow Chip with signature, no signature, or PIN depending upon the issuer, the risk and type of transaction (ie. Debit for Cash or ATM require a PIN).  There was too much information over 2 days to talk about in this post but there was one point I learned and wanted to pass on..

In October 2015, Visa is offering a ‘liability shift’ for merchants who adopt EMV.  My belief (it was wrong) until I attended the training was that the EMV liability shift only affected those merchants who 1) accepted a ‘chip’ card and on ‘chip’ transactions.  These are known as ‘chip on chip’.  It is critical that Merchants understand that the liability shift occurs for merchants who accept transacitons over a dual interface terminal (Chip and NFC) who accept transactions of ANY form.  As an example, if you accept 99% mag stripe transactions but you have dual interface terminals…the fraudulent transacion due to counterfeit have liability shifted to the issuer!  It does NOT have to be a Chip on Chip transaction.

The Second important point to remember is that Visa is offering a Technology Incentive Program (TIP) that states if a Level 1 Merchant accepts 75% of transactions over a Dual Interface terminal, they do not have to validate compliance with an onsite assessment.  There are some caveats to this so make sure you read the rules!

To get ready for implementation, ensure you download the Visa Merchant Readiness Acceptance Guide here.

Chris Mark speaking at COMTEC 2014 by TouchNet August 27, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , , , ,
add a comment

comtec_v3Chris Mark will be presenting at the 2014 COMTEC TouchNet Client Conference on PCI DSS and data security within the payment card industry.  The title of the presentation will be Hitting the PCI Bullseye.  COMTEC is the premier conference for Higher Education organizations.  I was invited to speak in 2012 but  found myself delayed returning to teh US as I was in the Gulf of Aden providing maritime security.  Below is a description from the TouchNet website.

“Join us for the COMTEC pre-conference PCI Workshop: Hit the Bullseye on November 10th. This power-packed day of PCI and security training is vital for business, security, compliance, audit, and IT professionals who want to stay on target with changes in payment security rules in the coming year. You’ll get real-world advice on compliance and best practices from industry experts and campus leaders who are dedicated to information security.”

 

Chris Mark Speaking at 2014 AT&T CyberSecurity Conference August 25, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

ATTCyberSecurityConferenceAt 10 am on September 3rd, 2014 Chris (that is me) will be speaking at the 16th annual AT&T CyberSecurity Conference in New York City.  My particular discussion will be on the Human Element of Security.  From providing armed force protection in Mogadishu to unarmed security in a psychiatric ward through information security and anti-piracy work in the Gulf of Aden, I have learned that the underpinnings of security transcend all security domains.  My presentation will hit on the concepts of rationality, Knightian uncertainty, parallax, proximate reality, change blindness, deterrence, and threat adaptation to provide tools CSOs can use to make more informed decisions about security.

Now Open! Vets4InfoSec.com Online Community for Vets Interested in InfoSec June 30, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , , ,
add a comment

iStock_000016696389XSmallA few weeks ago I put up a Facebook page for Veterans who may be interested learning more about Information Security.  The response was much greater than I had expected.  In response, I have setup an online community for Veterans interested in learning more about the field.  You can join at www.Vets4InfoSec.com  for FREE!…The objective of the group is to provide a forum for education, discussion, and networking for veterans and current service members who are interested in transitioning or simply wanting to learn more about information security.  If you are not a service member or veteran and want to help contribute to the body of knowledge and provide expertise, please feel free to join, as well.    A number of veterans have made the leap from military to InfoSec.  The current head of the PCI SSC is a Former Marine Grunt!…I am a former Grunt and a number of other folks have moved over… It is a great career and something that is well positioned for military members to have success.

Chris Mark speaking on PCI at a Business Process Outsourcing (BPO) event 2013 June 29, 2014

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
2 comments

I was privileged to be able to speak at an AT&T BPO event in 2013.  In Feb 2014 AT&T Marketing published the videos.  I found one but was unaware they had published all 3. I hope you enjoy. (remember…the camera adds 10 lbs! ;)

Follow

Get every new post delivered to your Inbox.

Join 302 other followers

%d bloggers like this: