Cisco Blogs


Cisco Blog > Cisco Interaction Network

PCI Compliance Made Simple

September 22, 2011 at 10:16 am PST

ID Please?

Many have argued that the PCI DSS, Payment Card Industry Data Security Standard is too complex to be realistic in a real-world environment. Cisco takes the opposite stance maintaining that the principles and security standards contained within the documentation should actually be considered a minimum. The true challenge being not in the implementation but in the ongoing management -- the maintenance if you will.

This show promises to layout a simplified view of the standard with real-world, practical advice where anyone can find exactly how they would apply their unique situation. We have pulled out all the stops with our story-telling and top notch guests as we have members of the standards board, networking experts and certifies QSA auditors joining us.

PCI. It’s not just for Breakfast

It’s amazing how many networks fall into the “compliance required” category.  For PCI it only takes one credit card transaction to be at risk…but rather than focus on the negativity of the required audit – this topic and the maturity of the standard is actually good for ANYONE interested in protecting their data.  You may have the typically binary response as to whether this show applies to you…but I think you need to give it a go.  You may be surprised….the show and the Shownotes are after the jump.

Read More »

Tags: , , , , , , ,

In Between the Numbers: The value of m-commerce: Is it where we think?

September 21, 2011 at 7:58 pm PST

 Thinking today about mobility – cell phones, smartphones, tablets – and where and when it’ll be changing the rules of retail.

 Forrester made a solid case this June that it won’t be as a transaction tool.   They – and eMarketer.com – expect M-commerce to be only 7% of total E-commerce revenue by 2016, which means M-com will total only 1% of retail merchandise purchase market.

 Gartner made the case this May (echoed by Forrester) that it won’t be as an electronic wallet – at least not until 2015 and beyond.  Despite the fact that some 40-50 NFC-enabled smart phones will be shipped this year, the complexities of collaboration between service providers, financial institutions, retailers, and standards bodies is rendering progress slow and tortuous. (To see a preview, rewind to the past decade’s EPC-RFID efforts.)

 And yet: The future of the personal communication and computing is increasingly mobile, and that means retailers are looking at a potential opportunity.

Read More »

Tags: , , , , , ,

Art of Compliance – Converging PCI Security Science and Art

When most people think about Payment Card Industry security, they think of architecture designs and security standards documents to help merchants protect cardholder data.

As the Cisco retail team worked on our Cisco solution for PCI DSS 2.0, we decided to combine the Science of Compliance (Cisco solution and the Validated Design Guide) with the Art of Compliance, a series of artistic work interpreting security in a new light.

Working with Adam Hagen, Cisco Global Integrated Marketing Communications Manager, Cisco worked with a series of artists in multiple disciplines including paint, digital, sculpture and video, and asked them to interpret security through their eyes. 

The result is a series of artwork, some of which are incorporated into the Cisco PCI DSS 2.0 Design Guide, plus an online gallery  is located on http://www.cisco.com/go/pci2art and on Cisco Retail Flickr

The artwork will be on display at the Payment Card Industry Council North America Community meeting September 20-22 in Scottsdale Arizona as part of Cisco and our partners HyTrust, VCE and RSA sponsorship of the event.

To learn more about some of the artists and their interpretation, we filmed some of the artists with their creations while it was installed in the Cisco San Jose campus for a limited run.

Read More »

Tags: , , , , , , ,

In Between the Numbers: The “Learner” Segment of Consumers: Should Retail Take an Education Class?

September 8, 2011 at 9:14 am PST

The sight of Crayola crayons stacked high to fly at the local mass merchant brought these back-to-school thoughts to mind.

 Colleague Dr. Jeff Loucks and I surveyed US consumers this past spring regarding their confidence – or lack thereof – in using consumer electronics devices and content services.

 No surprise that we found a cluster of early adopters, a male-dominant group of device-loving consumers of all forms of bits and bytes.

 What was surprising – at least at first glance – was the discovery of a group that we might call “learners” that is more than twice the size of the early adoption group.

 The “learner” group was no stranger to technology: No Luddites among the Learners. What distinguished them was that they didn’t know how to do all the things they might like to do and wanted to learn more.

 This suggests they would respond with enthusiasm – and more importantly, with Visa and MasterCards – to the brand that was willing to invest in their education.

 Consider for a moment: Pew Research estimates that 21% of American adults search online for product information on a typical day. That’s about 49 million persons. Consider that comScore estimated that last year there were six million Internet searches for dining recipes – every day.

Combine this research with the Pew and comScore numbers, and a sharp-edged hypothesis begins to emerge:

  Read More »

Tags: , , , ,

Cisco views on the new Payment Card Industry DSS Tokenization Security Guidelines

The Payment Card Industry Security Council recently released the PCI DSS tokenization guidelines clarifying how tokenization affects PCI compliance and securing cardholde data.  I sat down the Christian Janoff, Cisco retail industry architect whose team  has just finished work on the Cisco Design Guide for PCI DSS 2.0 to talk about his views about this guideline.

Christian’s view of the new tokenization guideline supplement are:

Read More »

Tags: , , , , , ,