PCI Compliance Stats

December 31, 2007 was a PCI Security compliance deadline for a lot of large merchants in the United States who handle customer credit/debit card information. VISA recently provided statistics, indicating how many of these larger merchants have validated their compliance with the PCI Data Security Standards.

As of December 31, 2007:

• Level 1: 77% of 326 merchants are compliant – 50% of total transaction volume
• Level 2: 62% of 709 merchants are compliant – 13% of total transaction volume
• Level 3: 54% of 2596 merchants are compliant – 5% of total transaction volume
• Level 4: no action/requirements for ~6M small merchants who account for the remaining 32% of VISA transaction volume

All merchants who take credit/debit cards need to comply with the data security standards, but for the sake of validating compliance, VISA classifies merchants in different levels based on the number and type (card-present vs. eCommerce) of transactions they process each year:

• Level 1 merchants process over 6M VISA transactions/year and need to validate their compliance with a detailed, 3rd-party on-site audit.
• Level 2 merchants process 1-6M transactions/year and need to validate their compliance with a detailed self-assessment questionnaire.
• Level 3 merchants process 20K - 1M eCommerce transactions/year and need to validate their compliance with a self-assessment questionnaire.
• Level 4 - all other merchants - no compliance dates specified, but they'll use the self-assessment questionnaire as well.

My employer is a Level 1 Merchant, and I'm happy to report that we validated our compliance prior to the December 31st deadline.

The toughest problem for the banks and card-issuing organizations is how to help the Level 4 merchants get compliant. There are so many of them; they comprise 99% of all merchants. Individually, they don't process many transactions, but most of the security breaches come from them because they tend to be lax on security. Organized crime has targeted the larger merchants because they have larger quantities of credit card data, and a single breach can yield 100M cards. Consequently, most of the data is released from the few largest merchants, but most of the breaches happen with the smallest merchants.

Hoax Emails

I still occasionally receive copies of hoax emails from concerned friends and family, warning about some nasty virus or other form of malicious software. They use dramatic language and urge the reader to "forward this to everyone you know!" Sometimes, the original author of the message will even claim to have checked it out on one of the many hoax database sites (such as www.snopes.com). Don't believe it. I have yet to receive a single legitimate warning. Furthermore, credible information security practitioners don't send these messages; they apply technical controls that don't rely on human participation (examples: the anti-virus software on your computer, filtering your email messages, and filtering your web traffic).

To check for yourself if a message is a hoax, all you have to do is copy a distinctive sentence from the message and search for it on Google. This will give you a list of hoax sites that will tell you about the message, including such details as how long this particular hoax has been circulating on the Internet (many for over a decade).

Years ago, malicious people would write viruses that would read your contact list and email the virus to everyone you know, often creating a denial of service attack by overwhelming the network or email infrastructure. A hoax email is effectively one of these. It's as if the virus writer is saying, "I'm not smart enough to write a virus program that will read your contact list and email itself to all your friends, so would you do this for me?" Duh. :)

Island Lake

From Island Lake 2007

Michael and I took our seventh and final backpacking trip in 2007 (November 10-11) a little spontaneously. Melissa was having some of her college friends over for a girl's weekend away (at our house), and so the boys needed to clear out. There was a good chance that it would rain that weekend, but we decided to go check out Island Lake anyway. To put this in perspective, it's important to know that the US Forest Service closes the road back to our usual stomping grounds (Grouse Ridge and environs) from November 15 to May 15 every year because of snow; so we got in just a few days before they closed the roads for the winter.

We drove up to Feeley Lake on Saturday, and it started to drizzle on us just after we hit the trail. It's not very far to Island Lake from there (just a couple miles), and by the time we got to Island Lake, it was raining pretty steadily. We donned our rain clothes, pitched our tent, and went for a hike around the lake. By the time we got around the lake, I was noticing that at some of the abandoned camp sites along the way, the flat spots where people usually pitch a tent were filling up with rainwater like little ponds. "Hmmm... I think we better move our tent!" Sure enough, our tent was sitting in a pond. We moved the tent twice and gave up on the nice flat spots, settling for a lumpy spot on a little hill. The firewood was soaked, but with considerable effort we managed to get a campfire going anyway. That helped a lot. A roaring campfire makes sitting in the rain a lot more cheerful! We turned in early, and listened to the driving wind and rain all night long. I managed to get some intermittent sleep, and I'm happy to report that our tent actually kept us dry.

From Island Lake 2007

By morning, the rain had stopped and the wind had died down. In fact, it was actually very hushed. I poked my head out of the tent, and lo and behold, there were several inches of snow on the ground! Cool! We weathered our first little storm of the winter! It was pretty chilly, and we weren't really prepared for snow, so we made some hot tea, had breakfast, took some pictures, and hiked out. We were camping at about 7000 feet elevation, and I think we were fortunate that it wasn't colder. Some of these storms in the high Sierras can dump several feet of snow, which would have trapped us there.

Michigan Bluff to Deadwood

From Michigan Bluff 2007

On our sixth backpacking trip last year (October 27-28, 2007), Michael and I hiked the Michigan Bluff to Deadwood trail. It's a portion of the Western States 100-mile ultra-marathon, and it's on the National Register of Historic Places. The trail was built in the early 1850's to serve the gold rush, and it remains much the same today. We camped in a beautiful spot along the Eldorado Creek, and we hiked a little further along the trail toward Deadwood. We found the remains of an old miner's cabin near the creek, and we found a huge nest of lady bugs!

From Michigan Bluff 2007

It's beautiful country, and as you can see in the above photo, the leaves were showing some autumn colors. This was supposed to be our last trip of the season before the rains came, but we managed to get in one more trip two weeks later...

Big Basin Redwoods

From Big Basin Redwoods 2007

For our fifth backpacking trip last summer, Michael and I hiked the Skyline to the Sea trail from Big Basin Redwoods State Park to Waddell Beach, on the weekend of September 14-16, 2007. We drove down Friday afternoon and arrived at the park just after dark. Finding our reserved camp site and getting set up was a little challenging in the dark. In the morning, I had to wonder, "is this really a camp site?" :)

On Saturday morning, we hiked through the tall redwoods and stopped to admire the Berry Creek Falls (photo above). We continued on to our reserved camp site at the Twin Redwoods site, about 2.2 miles from the beach and 11 miles from the Big Basin headquarters. After setting up our camp site, we hiked down to the beach and hung out there for a while in the afternoon, soaking our feet and watching about three dozen people para-surfing with bright, colorful sails. Unfortunately, I neglected to bring the camera to the beach.

On Sunday morning, we hiked back to our car by another route, going up an equestrian trail where mountain bikes were not allowed, and horses were recommended. I concur with the recommendation. Hiking up the trail with backpacks was strenuous. In all, I think we logged about 25 miles on this trip, most of it with packs on.

The terrain changed a lot from the redwood forest to the ocean, and it was really quite beautiful. I particularly like the tall trees!

Glacier Lake 2007

From Glacier Lake 2007

For our fourth backpacking trip last summer, we hiked from Grouse Ridge to Glacier Lake on the weekend of August 18-19, 2007. This is familiar territory for us, because we've gone back there almost every year since 2002 (we really like the area :)

In 2002, I read about the trail in the book Hiking Northern California and used satellite imagery on MapQuest to try to find my way. Unfortunately, the maps weren't as good then as they are today and we actually wound up going to one of the Five Lakes, thinking that perhaps it was Glacier Lake. I checked Google's map of the area about a year ago and discovered that we'd actually been going to the wrong lake; the maps have the lakes named now. So of course we had to go to the actual Glacier Lake this summer. Since the lake we've enjoyed so much in the past is nameless, we think we should call it "Prinzing Lake" :)

We hiked up to the top of the ridge behind Glacier Lake and my GPS was reading an elevation of just over 8000 feet. It was pretty windy at the top, and Michael described it as feeling like when you stick your head out the car window on the freeway. The view was fantastic! We could see all the way back to Grouse Ridge (about a 4 or 5 mile hike) and many lakes on all sides. We could see forever.

Camping there was a little more crowded than we're used to; there were probably 6 parties camped around the lake that night. In the morning, we hiked out by going back to "Prinzing Lake" and hiking across the top of Sand Ridge (our old route).

Sugar Pine Reservoir

From Sugar Pine Reservoir

On our third camping trip last summer (August 4-5, 2007), we went car camping at the Shirttail Creek Campground at Sugar Pine Reservoir with Michael's friend Colton and our Golden Retriever, Georgie. After so many wilderness backpacking trips, I was a little surprised at the noise level in the campground. Our next-door neighbors really liked Johnny Cash, and shared their music with everyone. At least with car camping, you don't have weight concerns. When I'm backpacking, I'm reminded of how little I really need to survive -- especially when I have to carry it all on my back.

This was our first (and last?) experience taking Georgie along with us when we go camping/backpacking. He was great to have along until nightfall. We didn't want to let him in our crowded tent, so he got to spend the summer night outdoors, under the little tree. I think he must have smelled a burrowing animal or something, because he dug a hole all night, and unearthed a barrel full of dirt. By morning, he was a mess, and he'd buried the side of our tent, making us even more crowded inside. We filled in his hole as best we could and then went for a hike around the reservoir.

I prefer backpacking in the wilderness...

Yosemite - June 2007

From Yosemite 2007

Our second backpacking trip of the season was a trip to Yosemite National Park with John, one of my best friends from college. We spent three days (June 22-24, 2007) in the park, and hiked 33 miles in 44 hours (22 miles with a pack on our back). It was a bit of an endurance marathon, but we had a great time!

We started at the Tuolumne Meadows Visitor Center and rented black plastic bear-proof food canisters. Mine looked used -- it had tooth/claw marks on it :) We hiked the John Muir trail by Cathedral Peak and Cathedral Lakes on our way to the Sunrise High Sierra Camp, where we spent the night. I have a wrist GPS, and it registered an elevation of 10,000 feet above sea level! We also found a mountain spring along the trail that had the coldest, freshest water I've ever tasted. It was fantastic. It took a couple minutes for the dull ache in my frozen hand to go away, just from filling my water bottle. In the mountain meadows, we came across a few marmots that weren't very bashful and a lot of mosquitoes. We spent the first night at Sunrise High Sierra Camp after hiking 8 miles that day.

From Yosemite 2007

On the second day, we hiked about six miles to the intersection of the John Muir Trail and a northerly trail to Tenaya Lake, where we ditched our backpacks in the forest and donned fanny packs for a hike to the top of Half Dome and back. Half Dome was fantastic! There were crowds waiting to climb the last stretch between a pair of cables, and we waited 45 minutes with the line hardly moving at all. We got tired of waiting and hiked up the outside, holding on to one of the cables. The view from the top was simply fantastic! After resting for a few minutes and enjoying the view, we hiked back down and made our way back to our packs. Along the way, we saw deer along the trail. We ran out of water and got pretty dehydrated in the last few miles of the day. Mile 17 pretty much defined "endurance" for us. When we reached our packs, we refilled our water bottles in a stream and found a nice wilderness camp along the trail, where we spent the second night.

From Yosemite 2007

On the third day, we hiked another 8 miles (again, up and down thousands of feet in elevation) to Tenaya Lake, where we caught a park shuttle on Tioga Road back to our car at Tuolumne Meadows. We were pretty stiff and sore, but it was a wonderful experience! As John said, "you earn your view" :) And incidentally, John took most of the photos in this collection (certainly all the better ones).

Italian Bar - North Fork of the American River

From Italian Bar 2007

My son Michael and I went on seven backpacking/camping trips this last summer. This was the first trip of the season on the weekend of June 2, 2007. The Italian Bar trail starts at Humbug Ridge off Foresthill Road and descends about 2400 feet in 2.1 miles down to the North Fork of the American River. We now know what the US Forest Service means when they classify a trail as "Most Difficult" :) It took an hour to descend and two hours to hike out the next day. Remarkably enough, we didn't see too many people there.

This is gold country, and we found the entrance to a gold mine by following a pair of small ore cart rails. We went inside the mine a short distance until I got a little creeped out by it all. You could see seams of gold-bearing quartz in the walls. We picked up a chunk of quartz, broke it open, and found real gold flakes inside! They made a nice little memento from the trip. We also found gold mining equipment left over from the gold rush lying around, including an ore-crusher about the size of a truck. It's hard to imagine how they got the equipment there in the first place!