PCI Industry standard audit checklist




IT Compliance Institute just released PCI Industry standard audit checklist. It also include a self-assessment questionniare.


Comments

Post a Comment

Popular posts from this blog

Stealing credit card numbers via home Wifi network

The Hong Kong district court heard a computer crime case on 18th June 2007. An African visitor had rented a flat and stole credit card numbers from his neighbor using wireless sniffing, then he used the credit card information to do online shopping. The charge was brought under HK Crime Ordinance Chapter 200 s116 . More detailed information will be available when the judgment is posted online. The 23-year old defendant was caught since he had used his home address for online shopping and the police were able to trace the delivery records. His ignorance of fraud detection systems and traceability of online shopping transactions seems to suggest that he is not a professional criminal. There are lots of ways to use stolen credit card numbers, buying cash coupons and delivering to an unoccupied house's mail box are common. According to statistics , credit card fraudis increasing and costs 3 billion USD in 2006, up from 2.7 billion in 2005. Different measures (like adding chips or usi...
Read more

Risk on Radio

This morning I joined a talk show on RTHK and discussed risk of usnig credit cards. Media attendtion is high after the recent security breach at Cardsystems. The story was uncovered on 17 June 2005, but after 6 days it is still lingering on. WHY? First, I believe this incident is huge in terms of people affected. 40 million card numbers were lost. Secondly, it was uncovered on SAT. I am not joking. One of my lectures in a Crisis Management class told his student in class that when reporters are hungry for news, even lost of a penny can be headline news. On Saturday, when reporters unable to find new story, a incident like this one will be reported by every newspaper. Back to the talk show, there were few people called in. And one mentioned that when he visited a Indian online shop and was diverted to a HSBC credit card website. This website asked him to enter his personal information like birthday and passport number. He worried this may be fraudulent website and asked for advice. As ...
Read more

Unsolicited Electronic Messages Bill

Image
Hong Kong after months of public consultations is proposing an Unsolicited Electronic Messages Bill. This proposed bill has the following major features: 1. Enforce Opt-out (One needs to check before sending) 2. Technology Neutral (cover SMS, FAX and Email) 3. Prohibit address harvesting Generally, HK Government's effort is appreciated and the bill is comprehensive. There is not loophole the drafted bill does not quite get it. Under this bill, government propose to empower the Telecommunications Authority (TA) to set up "do-not-call registers", "which would be to facilitate recipients to opt out from receiving further commercial electronic messages from all electronic marketers and for senders of commercial electronic messages to ascertain the electronic addresses to which they should not send further commercial electronic messages unless they have specific consents. "This kind of register is very likely to be abused by malicious person to validate email address...
Read more