Disqus - Latest Comments for tylerhannan

Re: Basho | RICON

tylerhannan — Fri, 26 Oct 2012 22:37:25 -0000

Not yet, but soon...quite soon indeed.

Check out http://www.ricon2012.com as the posting location and to sign up for notification of availability.

Re: Medieval Art, Collective Intelligence, and Language Abuse

tylerhannan — Fri, 05 Nov 2010 13:34:52 -0000

It's, actually, an interesting idea. :)

But, if I'm using a flip-book than perhaps it would be best to print the pages a letter at a time so that you can see the individual words build...

Re: Open API Economy: a meetup

tylerhannan — Sat, 19 Jun 2010 18:21:43 -0000

Shanley, thanks heaps! I hope the meeting went well...the concept of API for retail is rather interesting and merits both more pondering and, perhaps, a conversation.

Re: iPad/iPhone versions of TaskPaper and WriteRoom

tylerhannan — Sun, 02 May 2010 01:53:01 -0000

Excited and actively looking forward to these releases...the single most used apps on my iPhone...and soon the most used on my iPad.

Re: http://blog.hogbaysoftware.com/post/473043456

tylerhannan — Thu, 25 Mar 2010 17:00:53 -0000

This looks fantastic...as someone who has relies on this app on both iPhone and Mac desktop, and has an iPad pre-ordered...I'm delighted to see this!

Re: A “Insert Modifier Here” Company

tylerhannan — Mon, 28 Dec 2009 23:47:16 -0000

Not as such...However, 80,000 person companies are really made up of several smaller divisions, and sub-divisions, and tactical groups, and tiger teams, and other ways of making the vastness feel more intimate.

The issue is, to a lesser degree, the same when you get to specificity of what is done within the behemoth...which, assuming EU approval, will become even larger.

Re: A “Insert Modifier Here” Company

tylerhannan — Mon, 28 Dec 2009 23:21:18 -0000

Or, perhaps, a product company...or maybe a services firm? A relatively trivial standard response that requires me to analyze the underlying complexity.

Re: Hog Bay Software - The iPhone UI has an actions icon problem. On Mac...

tylerhannan — Sun, 20 Dec 2009 19:05:20 -0000

The use of ellipsis "..." makes sense. The center of the two icons, to me indicates action with content outside of the application...which is clearly dissimilar from the intent you desire.

Perhaps something like an arrow pointed to the right? I'd have to see it in context of the UI, but that may be sufficient to indicate additional items rather than appearing to "send" content.

Re: Compliance vs. Security: a thought exercise

tylerhannan — Thu, 17 Dec 2009 21:44:04 -0000

Brad,

Good to hear from you! I will have to agree that I love the way in which you've presented the information regarding continuous compliance in the linked video.

The milestone approach is, definitely, not sufficient in adopting a risk-based stance. I suppose my query, in specific, was regarding PCI-DSS and what folk would choose to do differently than stated in the requirements if they did, in fact, not have to worry about compliance verification and instead only focused on risk.

For me, the difference in activity would seem to be rather minimal...at least notionally.

Re: Google Chrome OS: what does it mean for commerce?

tylerhannan — Wed, 25 Nov 2009 12:43:44 -0000

I agree...in part.

The reason that what you/I would call hardware is required for PIN Debit
transactions is, truly, nothing more than a requirement from processors for
keyed firmware. If that requirement wasn't in place, the process of
transaction encryption could easily be done "on the wire".

I think the bigger issue...and that to which I refer when I speak of
hardware vs. software....is the question of "intelligence". It's sort of a
poor choice of words, but the best I can come up with at present.

The traditional terminal device was "it". The end-all/be-all of acceptance
methodologies. Over time, the software based acceptance methods (be they
online, hosted, or local) were positioned as value-add for the features they
provide. And yet, there is still a benefit (financially) in performing a
swiped transaction.

So you leverage a USB card swipe. Is that hardware? Yes...but it is
hardware in the same fashion that a keyboard is hardware. Hardware, of some
sort, is required to run and interact with software.*

PIN Debit is a great example. I need a certified PED if I'm going to
perform PIN Debit transactions in a safe/compliant fashion. The hardware,
however, is truly just an encryption and input device....designed to
interact with the software that is providing connectivity, routing,
transaction qualification, and business management functions.

* At least until the Google OS Brain implant is released

Re: PayPal Developer Conference: Innovate 09

tylerhannan — Mon, 02 Nov 2009 23:58:22 -0000

Tim. I have some very firm opinions on the subject. (Imagine that :) ) There is an eBay & eCommerce track at the event so I will see if there is anything brought up regarding the situation...The beauty of a developer event is there are heaps of people to chat with about it as well. I will absolutely revert with both my opinions and those of others.

Re: Surcharge for Credit Cards

tylerhannan — Wed, 14 Oct 2009 21:18:40 -0000

I completely agree that cash discounts are, in fact, disguised surcharges...at least frequently. At some point it is really a semantics issue of "advertised price" vs. "discounted price."

The key element you identify is that the decision of accepting plastic is based on benefits of accepting that particular tender. It is, as many things, a bit of a cost/benefit analysis. I will revert this week with some interesting statistics I've found regarding the benefits of acceptance in the SMB sector.

Re: Cloud Based Messaging

tylerhannan — Sun, 31 May 2009 13:28:33 -0000

An odd woe...I've used disqus on my blog for the minor amount of comments it receives at present...and have been a huge fan. I decided to use the follow feature (for the first time) and it would appear that it was an authentication error. Somewhat surprisingly I was presented with the "something went wrong" screen but it was constrained by the embed region of the comment which made the error quite difficult to read without in page scrolling.

Regardless, seems pleasant now, will just copy/paste comment prior to click the "post" button.

Re: Cloud Based Messaging

tylerhannan — Sat, 30 May 2009 03:35:25 -0000

Perhaps this comment won't fail upon posting...

I wrote a lengthy comment regarding my own cloud usage...and that the only applications that I remain "tethered" to are office applications and e-mail.

Above all, I'm just glad I'm not the only one who uses e-mail as a file storage system. It is rapid access...easily searched (particularly when using Spotlight)...and the context of the e-mail around presentations and other saved attachments proves extraordinarily useful when researching something sent several years earlier.

Re: Why Isn't Paypal More Successful?

tylerhannan — Tue, 26 May 2009 16:40:56 -0000

Perhaps what is most intriguing about the commentary, at least from my perspective, is the comments appear to have some measure of similarity. Those who love it, love it...those who hate it, hate it....and the reasons are fairly consistent. Not surprising.

What I did find surprising is that there appears to be a measure of segmentation between the audiences that PayPal serves. Love or hate...the PayPal "merchant" has a very different perspective than the PayPal consumer. Again, not surprising considering that they serve more than one audience. It is, perhaps, an interesting case study on the multi-sided market concept as applied to what is, in essence, an established industry player.

I would agree that many of the woes called out in other comments point to a brand issue (which is, perhaps, due to a product issue). That is worthy of further rumination.

Re: Payment Processor Breach: a stream of consciousness rant

tylerhannan — Sat, 07 Mar 2009 22:02:35 -0000

Thanks for the comment.

Heartland, as I stated in the original post, appears to have been considered as "compliant" by VISA at the time of the breach.

In terms of debating the relevance of PCI...You will probably notice a theme among my posts (both here and via twitter at http://twitter.com/tylerhan... that PCI is not the "be all, end all" of compliance. It is not a goal. It should be treated as an outcome of a Risk Management strategy.

We won't know, quite possibly ever, the details of how they were breached...although we will get a fair picture as details come out. That, however, doesn't mean that is should cause all in the industry to pause and take assessment of their position on compliance, security, and risk management in general.

I know Heartland well. I know their pricing structure (from multiple perspectives). Their value to the payments world, in my opinion, has little to do with whether their risk approach was holistic. Was it a case of negligence or a case of the "black hats" beating proper security preventions? I suppose time will tell...

The theme, however, (at least from my perspective) is the situation should reinforce a measured and attentive review of security policies that anyone in the "processing" sphere choose to implement.

thanks for you thoughts. they are appreciated.

Re: Payment Processor Breach: a stream of consciousness rant

tylerhannan — Wed, 21 Jan 2009 00:42:12 -0000

Some of you may have noticed that I just deleted an anonymous comment from someone who claims to work at Heartland. For all I know, they are telling the truth.

Unfortunately, the comment was an obvious copy/paste missive that didn't address any of the content of the post above and, as such, didn't add value to the conversation.

Contact me if you have any thoughts or concerns. (The information is above...or use the comment system itself.)

Re: Payment Processor Breach: a stream of consciousness rant

tylerhannan — Tue, 20 Jan 2009 17:09:54 -0000

A colleague advised me of your post regarding this issue in the "Payments and Cards Network" on LinkedIn. If this has been ongoing for 7 months...the number could, in fact, be staggering!

Re: Payment Processor Breach: a stream of consciousness rant

tylerhannan — Tue, 20 Jan 2009 17:06:36 -0000

It does mention that. "Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards." A single statement that is followed by the quote in the blog regarding Card-not-present transactions...

The point of my thoughts is that I'm not sure everyone knows quite how simple and easy the concept of creating a counterfeit card really is. The technology is surprisingly inexpensive...and rather prevalent.

Re: Payment Processor Breach: a stream of consciousness rant

tylerhannan — Tue, 20 Jan 2009 17:03:54 -0000

I appreciate your sentiment.

I might restate as Heartland is not the ONLY victim. Keep in mind that, as they are a publicly traded company, this will (likely) have a measurable impact on their business.

You are absolutely correct that there will be a larger (most likely MUCH larger) dollar impact on fraud losses and the material cost of re-issuing cards. Which, for those in a credit union, is a ridiculous hit. I think your statement regarding PR is also enlightening...the average consumer has no idea who Heartland is, or more importantly what they do. They do know that their branded card from the CU down the street is now "unsafe."

I do find it intriguing that, in most breaches, the hardest hit (from a PR perspective) is the merchant itself. For example, TJX is to blame for my card being released at their store. In this scenario there isn't as easy a finger to point (at least for the consumer).

Thanks for your thoughts!!! I always appreciate the perspective of someone at a different point in the chain of business that makes the payment industry function.

Re: Payment Processor Breach: a stream of consciousness rant

tylerhannan — Tue, 20 Jan 2009 16:16:50 -0000

I agree completely. This a great example of criminal activity...And Heartland is a victim. As are the businesses it provides processing capabilities for (albeit tangentially). Perhaps most impacted are the cardholders...

Based on the type of business they are...and the focus on security & compliance in the payments sector it remains thoroughly intriguing and will be discussed, I believe, for years to come. (For example, the CardSystems breach and its impact are still topics of discussion)

Re: Why I Use Twitter: -or- Social Media in the Payments Industry

tylerhannan — Tue, 16 Dec 2008 23:50:29 -0000

Thanks for your thoughts...

To start. Is there enough knowledge in IP Commerce to do what we are doing better than anyone else? Absolutely. Without question. Does this mean that ignoring the knowledge in the industry is a good idea? Hardly!

I agree, wholeheartedly, that the hiring (and retention) of subject matter experts is key to the business. Extraordinarily important in fact. The purpose of my missive was not to encourage a lack of knowledge within an organization.

Rather, there is "tribal" knowledge that can be gleaned from interaction with a community that is simply untenable to obtain otherwise. I would love to employ all those who function as experts in the dynamic industry of payments and security. The sharing and distribution of knowledge has always been a key element, in my experience, to any successful organization. This is true in my work in the government sector, non-profit sector, enterprise retail, payments, scientific analysis, etc.

In a sense, social media has taken the brown bag lunch that organizations held with their respective teams and made it available in 140 character chunks. It has in-formalized the user group meetings I continue to attend...it has taken the monthly industry webinar and made it accessible whenever the inspiration for a group discussion strikes. A platform must add value to all participants...both in hard revenue and in soft knowledge.

To be frank, and perhaps too blunt, I would rather work with an organization respects the knowledge of a community than an insular organization that believes its customers and partners have no insight into the future and are unnecessary to "competing and consistently winning".

Re: Why I Use Twitter: -or- Social Media in the Payments Industry

tylerhannan — Tue, 16 Dec 2008 23:39:08 -0000

Thanks. I, for one, have enjoyed following you on twitter.

Re: Boxee

tylerhannan — Tue, 18 Nov 2008 10:49:34 -0000

It is definitely an intriguing sector...and, having spent substantial time looking for a solution for our own home theater, boxee is the furthest along in both number of connected services and interface simplicity. The competition is non-trivial (in large part dedicated hardware devices ala netflix streaming), but they open approach of additive connectivity without being locked to a specific service makes the boxee solution the most compelling.

However, the thing that is most intriguing about the boxee crew is their interaction with their community. Be it forum posting...or frequent tweets...they have truly cultivated a community.

I think that, long term, it will be interesting to see how the streaming media sector itself is affected by the bandwidth shaping of service providers. The roku forums are awash right now with people complaining of time based degradation of streaming service. There is no verification that the issue is provider based and not something less sinister...but considering the impact is an interesting thought exercise none the less.

Congratulations to the Boxee team and to Union Square Ventures. Best of Luck!

Re: Security, Security, Security: or PCI and PA-DSS on the mind

tylerhannan — Fri, 14 Nov 2008 02:34:53 -0000

Hence the link. Mike, I've always be impressed with what you have to say. Keep up the good work!