
“August 2012 TransactionWorld Magazine” – Chris & Heather Mark’s Articles August 13, 2012

Posted by Chris Mark in cybersecurity, Data Breach, Industry News.

Chris and Heather Mark both have articles in the August 2012 issue of TransactionWorld Magazine.  Chris’ is titled: “The Impact of the Fortress Mentality  & Today’s Compliance Strategies” while Heather’s is titled: “After the Compromise; Security Incident Response and Mitigating the Damage”

One note.  I apparently forgot to update my bio with the Editor in Chief so the article erroneously references me as the Executive Vice President of Data Security and Compliance for a payment processor.  You can visit Mark Consulting Group at the following: www.MarkConsultingGroup.com

2012 European Central Bank Report on Card Fraud August 6, 2012

Posted by Chris Mark in News.

In July 2012 the European Central Bank released a report on bank card (debit, credit, etc.) fraud in the Single Euro Payment Area (SEPA).  According to the report, the total fraud equaled €1.26 billion in 2010.  For those in the payments industry, this report is an interesting look at the fraud patterns related to card usage. You can download the report here.

“The Fortress Mentality & Data Compromises” – Chris & Heather Mark in August 2012 TransactionWorld Magazine July 31, 2012

Posted by Chris Mark in cybersecurity, Data Breach.

This month’s TransactionWorld magazine includes an article by me (Chris Mark) titled: “The Impact Of the Fortress Mentality and Today’s Compliance Strategies”.  The article discusses, among other things, the Global Payments breach, PCI DSS compliance, and provides an overview and opinion on today’s focus on compliance with static standards as opposed to risk based information security.  One important note. I neglected to send an updated BIO to the editor so it still references my position at ProPay.  I have not worked at ProPay for over a year 😉  You can read more about my company Mark Consulting Group at www.MarkConsultingGroup.com.

Heather Mark is also in this month’s TransactionWorld with an article titled: “After the Compromise: Incident Response Plans and Mitigating the Damage”  Heather speaks about data compromises and provides good insight into strategies companies can employ to minimize the impact of such breaches.

“This is the American Express Fraud Department” – Two Dozen Carders Arrested on 4 Continents June 26, 2012

Posted by Chris Mark in cybersecurity, Industry News.

Last night my wife received an email about a suspicious transaction on our Amex card.  Turns out it was a fraudulent transaction and my wife’s card had been stolen.  I was writing a blog post on this very subject when a Google alert informs me of this article on Foxnews.  “Two Dozen Arrested in Online Financial Fraud Sting”.  According to the article:  “Two dozen people on four continents have been arrested in an elaborate sting targeting a black market for online financial fraud, federal officials in New York said Tuesday.

U.S. officials called the crackdown in United States, Europe, Asia and  Australia the largest enforcement effort ever against hackers who steal credit  card, bank and other information on the Internet — a practice known as  “carding.”   The officials claimed the two-year FBI sting protected more than 400,000  potential victims and prevented losses of around $205 million.”

On that note, I recommend that you take a look at the book “Fatal System Error”…gives very good insight into the underworld of Carding.

“Blaming the Victim and the PCI DSS is…Passe”- PCI DSS; GlobalPayments & Data Theft April 1, 2012

Posted by Chris Mark in Data Breach, Industry News, InfoSec & Privacy, PCI DSS, Risk & Risk Management.

In an effort to beat the “PCI Evangelists”, “wagon jumpers”, “naysayers”, and “PCI Haters” to the punch, I am publishing my post on a Sunday evening.  By tomorrow morning the speculation on how the GlobalPayments compromise occurred will be in full swing and no doubt, many will have already condemned the company for “PCI DSS non compliance” or being “sick, lame, or lazy” when it comes to their PCI DSS compliance or information security.  Others will have published articles condemning the PCI DSS as ‘ineffective’, ‘irrelevant’, or simply ‘stupid’.

Before they are condemned I want to go on record and say it is NOT a PCI DSS compliance issue that caused the compromise. Like Heartland Payment Systems, Royal Bank of Scotland Worldpay and many more before them, GlobalPayments has been held out as the paragon of PCI DSS compliance for years.  Now that they have been breached they will be expected to wear a scarlet letter for the foreseeable future. I have no doubt that by the end of next week their status as a “Level 1 PCI DSS Compliant Service Provider” will have either been revoked by the card brands or be under “review”. In the same vein, there will be many who shout from the rooftops that the PCI DSS is “irrelevant”, “outdated” and so on.  Neither of these positions is accurate.

Here it goes…(drum roll please)…

The PCI DSS is a solid set of information security controls and represents minimum necessary controls to minimize the likelihood of data compromise through common, identified vulnerabilities. (more…)
