Better understanding of the Target breach through Credit Card anatomy

Adrian Sanabria of 451 Security posted a detailed explanation of two different security codes for a credit card: one that we are asked for when paying online or over the phone (card-not-present transactions) and another that is used when the card is actually swiped (card-present transactions). The card-not-present security code is printed on the card; the other one is stored in the card’s magnetic strip.

This is a confusing topic because different terms for both security codes are used interchangeably by merchants, payment service providers, and even card brands themselves. The most resent example of confusion was Target.

It is a somewhat lengthy read but well worth your time: Better understanding of the Target breach through Credit Card anatomy

Adrian not only explains which is which but also provides several examples of both types of security codes for several different payment cards. Those examples show that the two always have different values used for different purposes.

Top 13,370 things to consider when using @PayPal

This is yet another horror story about PayPal’s payment reserve policy, but unlike those I head before it offers a solution: don’t run away from PayPal but use it in tandem with a very inexpensive merchant account from PowerPay.

I love constructivism much better than rants, no matter how well justified they are, and what PowerPay offers looks really good.

Top 13,370 things to consider when using @PayPal

PCI Compliance Deadlines

Knowing the deadlines for the Payment Card Industry Standards (PCI DSS, PA-DSS) is critical for merchants, developers, and payment service providers alike. Unfortunately, card brands who enforce compliance have different deadlines and even different levels for merchants and service providers.

This comprehensive list for all payment card brands not only has deadlines and levels, but also links to each brand’s PCI compliance program:

PCI Compliance Deadlines | PCI DSS Compliance Blog