QuickBooks PCI Compliant

Beginning in 2004, the single most important question that merchants need to ask about their business software has to do with PCI Compliance. “The Payment Card Industry (PCI) has created the Data Security Standards (DSS) in order to support merchants. Credit Card companies now require merchants to be aware of and compliant with the Data Security Standards… Merchants, Is Your POS System PCI Compliant?”

Point of Sale or POS systems bear the brunt of the load when it comes to credit card transactions in the modern retail sales business establishment. It’s nice to know that according to VISA’s List of Validated Payment Applications , Intuit’s QuickBooks ranks as a fully PCI compliant software. I consistently recommend QuickBooks Merchant Services to clients mostly because it mitigates PCI risk.

I also recommend that people use the old style dial out or dual ip-dial out credit card terminal that uses a standard telephone line whenever possible because it shifts PCI compliance back to the merchant service provider. Avoid the newer network type terminals because no typical small business network can pass PCI’s muster without the business spending a great deal of money on special firewalls and logging software.

terminal_vx570

I’m simply amazed that since 2004, credit card companies and banks have successfully shifted the risk of data breach to merchants that use their services all while building inherently less secure transactional hardware and software APIs simply because of the need to connect through the Internet.

Merchants are in a terrible position. Check out  this video.

The bankers birthed an entire new business model on unloading credit card risk to merchants. Kind of reminds you of the ridiculous fees and interest rates we are paying to the same banks.

Millions tricked by 'scareware'

Great article on BBC this morning detailing the “security” software forced on unsuspecting computer users. Fortunately, two simple solutions will stop this dead in it’s tracks.

Use OpenDNS when configuring your home or office network. Your web browser will not go where a name cannot be resolved to an ip address.

Use a UTM device for your firewall. Unified Threat Management should be the choice of any educational or business entity. This year, UTM is now affordable to home network users.

If all else fails, buy your security software from a reputable manufacturer.

Cyber Security?

Have you read the latest news about “Cyber Security”

Homeland Security Dept. Seeking Computer Hackers To Help Secure Federal Systems

Secret White House Helicopter Data Found On A Computer In Iran?

Chinese, Russian hackers ‘probing US power grid

So now we are going to hire “hackers” who by definition are criminal by nature to help “Secure Federal Systems”  I can hardly believe this is real.

A quick look at the “hacker jobs” listed at the General Dynamics Advanced Information Systems Information Technology “Functional Area” referenced in the article, tells a potential enemy most of everything they would need to know to begin mounting an assault on government systems.

Who in their right mind would publish top secret detailed job descriptions like this to the Internet?

Do you know that our government uses the SUN Identity Management Suite specifically Sun Identity Manager and Sun Access Manager to manage security to government systems? A mediocre Chinese computer scientist could easily have obtained the information to piece together the architecture of a “secure” systems deployment.

If that’s not bad enough, the Chinese computer scientist can just as easily route TCP/IP packets to our government networks for the purposes of probing and discovery, because we both utilize TCP/IP.

But, our government networks are protected by sophisticated firewalls, content filtering and intrusion protection, all designed and coded by computer engineers from China, India and other countries around the world.

When it comes to Government Information Technology and so called “Cyber Security”, we are suffering from a serious case of extreme stupidity.

This entire Internet paradigm needs to go, before we loose both our infrastructure as in water, electricity and communications as well as our military competitive edge. We are wide open here.

We need to get government data and communications off of the Internet, now!