'Securing Digital Payments' - A word from the book's Author
A free downloadable book by Andrew Jamieson.
I’ve always wanted to write a book. The type of book has changed over the years – from a comic, to a novel, back to a comic, something maybe mixed media, and then maybe a text book of some sort. But the overarching desire has remained; write a book. Today I’m happy to announce that I can tick that particular item off my bucket list.
I wrote a book.
Well …. Sort of. Now, bear with me here – it’s an eBook on payments. Look; I know, I know. Corporate published eBooks can have a rather muddied reputation. They’re known to put the interests of their publisher (in this case, the company) above the quality and objectiveness of their content. Marketing wrapped in a glamour of free knowledge. Short and sales-heavy. Something to be avoided.
You know: The kind of ‘valuable content’ you would usually not be willing to download, even for free.
That’s not the kind of eBook I’ve got.
Something Something Payments Something
I’ve been working in payments for a long time. The Sisyphean rock of my payments career is rapidly approaching the marker that signifies its third decade in this industry. I was building mobile payment devices back in the mid-nineties, when mobile phones were an abstract luxury, I’ve worked on assessing the products and implementations of many others in this industry, and I’ve helped formulate standards which are used around the world to make systems safer and more secure. During this time, I’ve gathered a lot of industry knowledge, I’ve read countless payment standards, and I’ve seen what people most commonly get wrong when they are working in payments.
What I have not done – ever – is read a book on payments. Something that covers the standards you’re going to encounter, something that helps you learn from the mistakes others have made, to get some insight into the reasons behind why things are set up the way they are. I have not read that book because it does not exist. To get the information you need to work in the payment industry you need to have worked in the payment industry. It’s an insidious catch-22.
There is no reference that will outline all of the PCI standards for you, that will explain how EMV works, what common attacks exist and how to mitigate them, why ‘tamper detecting’ is different from ‘tamper resistant’, what a ‘PAR’ is and why it’s important for tokenization, or how an ISO8583 message is formatted and the ways in which it differs from an ISO20022 message.
At least, there wasn’t until now.
Sometimes, the Medium is not The Message
So, don’t judge this eBook by its virtual cover (not to say there’s anything wrong with the cover). This is a 100+ page document that attempts to encapsulate the payment industry as it stands today into a format that is digestible and easy(ish) to read. It’s not perfect, to be honest I’d prefer for it to be at least twice as long – there’s only so much free work I can convince my employer to pay for – there are areas where it screams for more detail, and entire subjects which are not covered. I do hope to release an updated version with more, but that will be at least a year away. Until that time, I can honestly say that this is the most complete single-source assay of the payment industry and its standards that exists at this point in time (please let me know if I’m wrong here!). There are no marketing spiels telling you how we’ve got the solutions to your problems, there’s no “call to action” creating a false sense of urgency to try to get you to click on a ‘contact us’ button, there’s no explicit reference to UL beyond the book branding and some interesting research we’ve done in areas like EMV transaction timing. The book tries to do one thing, and one thing only – impart knowledge.
Better than a Lamborghini?
So, if you’ve read this far I can assume two things:
- You’re at least sort-of interested in the concept of a payments eBook
- You have the ability to tolerate the rough chisel-marks of my prose, sarcastic references, and overuse of grammatical oddities that most people avoid
Congratulations! You have the very dubious privilege of being the primary target audience for this book. For those still not convinced, I provide images of the full table of contents below. Please forgive the small size of the text, trying to fit the TOC into this post is difficult.
Did I mention it’s quite a long eBook?
The full eBook can be downloaded from the link below. Although I’ve been talking up how ‘free’ this is, I do now have to confess that you’ll be asked to provide your details to get the download. So, free-ish. However, I honestly believe that this is one of those rare times when the download is worth the gift of your contact details, and one of the purposes we’ll use these details for is to inform you of updates to the book into the future. Hopefully you’ll forgive this small cost and find the contents worthy of the asking price.
The Only Way to be Sure
If you do take the effort to download and read this eBook, I’d very much appreciate your feedback and input. Was it what you expected? Too long? Too short? Too lighteningy? Are there topics you’d like to see covered in an updated version? Did you use the book in your business, or as a training / education piece? Is there something I got wrong? Was it too dry to read, or did it not take itself seriously enough?
This book is for those in payments, getting into payments, who want to understand what it is and how it works.
I hope you enjoy it, it took a long time to put together. Almost three decades.
Now, about that comic …