Twitter, PCI DSS posts…

In preparation for a PCI DSS training seminar I am hosting this month I uncovered a few nuggets within the PCI DSS universe that ALWAYS draws questions and concerns.  Catch my 140 character contributions below.  If you are not using Twitter or another search aggregator to identify updates and vulnerabilities you are working too hard (and in non-compliance to some regulations PCI DSS Section 6.2, for instance).  These doesn’t mean tracking persons who post personal items, but find and follow those that have a propensity to discuss items of interest to you!  Start with searching for #PCI and go from there – feel free to follow me of course, and check out the SecurityTwits

• JDeLuccia: In case you missed the update, JCB http://twurl.nl/yucjds (expand) & Discover http://is.gd/C9HH (expand) have validation details published. #PCI #QualityAudit
  4 days ago from TweetDeck · Reply · View Tweet
• JDeLuccia: I have always thought the scope of #PCI should be any SYSTEM / ENTITY “…that stores, process, transmits” + MANAGES “…card holder data!
  4 days ago from TweetDeck · Reply · View Tweet
• JDeLuccia: Save money on #PCI Comp.: Encrypt your data & secure the keys separately – therefore permitted to use NON-PCI providers (applies many ways)
  4 days ago from TweetDeck · Reply · View Tweet
• JDeLuccia: Are you challenged by what a Svc Provider is in #PCI land http://twurl.nl/cuxvx3 (expand) ? It is easy: anyone BETWEEN the Merchant & Card Brand
  4 days ago from TweetDeck · Reply · View Tweet
• JDeLuccia: #PCI .. Acquirers responsible for Merchant compliance (per regs…) and they are LIABLE for damages resulting from non-compliance
  4 days ago from TweetDeck · Reply · View Tweet
• JDeLuccia: #PCI .. Are your 3rd party applications Authorizing / Settlement transactions? if so… need to have them validated .. PA-DSS
  4 days ago from TweetDeck · Reply · View Tweet

Kind regards,

James DeLuccia