Michael Dahn, CTO and co-Founder of the Aegenis Group and the Society of Payment Security Professionals interviews Martin McKeay and David Bergert on the state of the industry for payment security.

Martin McKeay is a QSA working in the world of PCI on a daily basis as well as being the host of the Network Security Podcast.  He has over a decades worth of experience in the security field and has been working specifically on PCI for most of the last three years.

David Bergert is the Technology and Development Director for On-Line Strategies.  David has over 10 years of experience in the payments processing industry including design, development, and operations on both issuing and acquiring platforms. David holds the CISSP, CISA and CPISM/A certifications, has MBA and BA of Accounting degrees, is a former QSA and is a member of the Society of Payment Security Processionals (SPSP).

Show notes:
>> Ellen Richey, Chief Enterprise Risk Officer for Visa, Inc., opening remarks at Visa Security Summit 2009
>> Visa Security Summit press release

This podcast talks about Cloud Computing and Cloud Security with respect to regulatory compliance issues, especially those of PCI DSS.  It highlights several concerns that companies should be aware of when considering moving their systems and/or data into the "cloud".

One of the references in this presentation is to Christopher Hoff's presentation on the SPI Model and technical aspects of the cloud.

Cloud Computing has enabled companies to take virtualization to the next level.  Companies can both deploy this new technology and maintain their PCI DSS compliance, but should watch out for pitfalls that could take them out of compliance.  In this episode Mike Dahn discusses the key aspects of PCI compliance as they pertain to structured virtualized environments, aka. cloud computing.

The Aegenis Group's Chris Mark discusses the economics of PCI DSS and the Return on Investment for PCI related education and certification. 

Visit The Aegenis Group Website

The Aegenis Group's Chris Mark provides and introduction to the concept of Risk and risk management.

Michael Dahn discusses the Return on Investment (ROI) of Reporting a Data Compromise.  Differentiate between security breach, exposure, and data compromise to understand how fraud occurs.

Defining Cardholder Data and Sensitive Authentication Data and how they relate.  Also what Sensitive Authentication Data is and business scenarios why people want to store it.  This is an introduction to the terminology and parameters used.

Mike Dahn, CTO of The Aegenis Group discusses application layer security threats and secure coding practices.

Chris Mark discusses the formation of the Society of Payment Security Professionals.

Dr. Heather Mark discusses aspects of the Fair and Accurate Credit Transaction Act and its impact on the Payments Industry.