VISA released some new guidelines for point of sale locations to comply with. I think it's good that they're working on increasing point of sale security with regard to data, especially for someone like me who rarely uses cash for transactions.
But companies have until 2010 to comply, almost three years from now.
That's an eternity in the security world and likely the measures will already be hacked by the time that they're implemented. With that much time to work on software upgrades, it's almost a losing battle.
Instead I'd like to see VISA and other banking companies focus on building an infrastructure, which includes devices and software for their clients, that can be upgraded more quickly. Build programmable devices that check in every hour with the mother ship and validate the code on them. Then allow upgrades and changes to be mandated within months, not years.
I realize that security is a tough business and there needs to be some balance between change and stability, but to require controls in 2 years seems a little long.
The Voice of the DBA Podcasts
The podcast feeds are now available at sqlservercentral.podshow.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.
Today's podcast features music by Josh Woodward. If you like it, check out his stuff on iTunes or at www.joshwoodward.com.
We welcome comments, ideas, and thoughts about the podcasts. Feel free to send them to me. If you like them, feel free to also tell the boss!