Wednesday, September 29, 2010

PCI Summit Presentations

The people at BrightTALK have put together a PCI Summit with a collection of webcasts, some of which you might find interesting...including a particularly informative one on tokenization by yours truly (humble, but I have to be honest...sort of). You can click here to head over to the site and see what's on offer.

Presenters include such PCI leading lights (and friends) as Dr. Anton Chuvakin and Michael Dahn, both of whom have enlightened us at the Institute's PCI Workshops.

You may find it a productive use of a lunch hour or two.

Friday, September 24, 2010

Tokenization Webcast

Many Higher Ed institutions are looking at tokenization as a means to reduce their PCI compliance effort (and cost). But tokenization may not always be as easy as it may seem.

Next Tuesday, September 28 at 9 am Pacific Time/noon Eastern, I will conduct a webinar on "Reducing PCI Scope with Tokenization: Opportunities and Challenges." You can surf over to the BrightTALK website and register. If you can't make it that day, they will have the recording available for you to listen to at a later date.

I will explain the basics of tokenization, what it can and cannot do, and some important questions you need to ask before you plunge into it. I am very excited about this webinar, and I hope you and others will find it useful.

Wednesday, September 1, 2010

Cyberthieves Hit Another University

This post isn't PCI-related, but it does address your security and your money, so read on...

According to a report in Krebs on Security, cyber thieves made off with nearly $1 million from a University of Virginia satellite campus:

According to several sources familiar with the case, thieves stole the funds after compromising a computer belonging to the university’s comptroller. The attackers used a computer virus to steal the online banking credentials for the University’s accounts at BB&T Bank, and initiated a single fraudulent wire transfer in the amount of $996,000 to the Agricultural Bank of China. BB&T declined to comment for this story.

Sources said the FBI is investigating and has possession of the hard drive from the controller’s PC. A spokeswoman at FBI headquarters in Washington, D.C. said that as a matter of policy the FBI does not confirm or deny the existence of investigations.

The attack on UVA Wise is the latest in a string of online bank heists targeting businesses, schools, towns and nonprofits. Last week, cyber thieves stole more than $600,000 from the Catholic Diocese of Des Moines, Iowa.

What's weird about this is that usually the funds are transferred in smaller amounts so as not to get the attention of banks or the victim.

I spoke about this risk at the Treasury Institute's Symposium earlier this year. Several attendees said it couldn't happen to them or their school. I hope they are right. But I wouldn't plan on it. I know some of the Treasury people at UVa, and they are sharp, professional, and very capable. If this can happen to one of their campuses, it just might be a warning to everyone.

Do you have, say, an extra million or so? Probably not, so it may make sense to have a conversation with your bank about when they will and will not authorize electronic transfers.

Just a suggestion. Now, I'm going back to PCI...