Channel: PCI Guru » QSA
PCI Compliance Scam? You Tell Me

I ran into a situation recently and wanted to voice my disgust over it. I have a friend that runs a side business with their spouse and, of course, takes credit cards for payment.  They signed up with...

End-To-End Encryption – The Rest Of The Story

Step right up folks.  I have something that will cure all of your problems with credit card processing.  It is called end-to-end encryption.  Yes, folks, it is the be all, to end all in security.  It...

Merchant Levels

I get requests all of the time regarding how to determine an organization’s merchant level.  Even though the card brand Web sites have this information posted, the questions still persist.  But even...

Kicked Out Of “The Club”

It has finally happened.  A Qualified Security Assessor Company (QSAC) has finally had their status revoked by the PCI SSC.  In a little noticed release dated August 4, 2011, the PCI SSC announced...

It Is Time To Address PCI Compliance Reporting

It is QSA quality assurance assessment season at work.  I found out through our QSAC key contact person that we are being assessed again by the PCI SSC to see if our Reports On Compliance (ROCs) are...

The (EMV/Contactless) World According To Visa

Based on discussions this week with a variety of large merchants at the PCI Community Meeting in Phoenix, there is a lot of confusion as to what Visa is trying to accomplish with their new Technology...

When A Breach Is Not A Breach

An interesting but troubling article appeared this past week.  A merchant is suing their processor and acquiring bank over a fine they were assessed for an alleged credit card breach.  What makes this...

Are You A Level 2 Merchant?

It is that time of the year again.  I have had calls from a number of Level 2 merchants in a panic about the upcoming MasterCard deadline.  I also have a number of prospective clients that are saying,...

PCI DSS Compliance Certificates

In this month’s PCI SSC QSA Newsletter, the FAQ of the Month is about so called ‘PCI DSS Compliance Certificates’.  I started to hear about these a couple of years ago, but it got really big last year...

Another Year, Another QSA Re-Certification

It is that time of the year when I have to go through the PCI SSC’s Qualified Security Assessor (QSA) re-certification process. To add to the re-certification process this year, I have been sick for...

How The PCI Standards Will Really Die

Welcome to the new year.  I hope the holidays have been treating you well and the coming year is good as well. There have been a number of articles written about why and how the PCI compliance process...

What If?

Here is a thought provoking question that was posed to me recently by a former accomplice in the PCI world. What if PCI DSS assessments were only required until a merchant proved they were PCI...

Self-Assessment Questionnaires

I have received some interesting questions of late regarding various scenarios and how to fill out specific self-assessment questionnaires or SAQs.  The troubling part to these questions is that they...

More Requirements That Cannot Be Marked ‘Not Applicable’

In the August 2011 issue of the PCI SSC’s Assessor Update, there is an article titled ‘Checking for SAD’, with SAD meaning sensitive authentication data.  In this article, the PCI SSC is telling QSAs...

Diagramming For Your QSA

I have been reviewing network and data flow diagrams for PCI compliance engagements for years.  But it only recently dawned on me that I have never discussed the issues that keep recurring when I...

Coming Attractions

On September 12, 2013 the PCI SSC released the drafts of version 3 of the PCI DSS and PA-DSS.  In reviewing the PCI DSS, there are six new requirements that will be considered ‘best practices’ until...

Removing The Drama Of A PCI DSS Assessment

I had to prepare a presentation for a client a while back giving them some tips on how to prepare and get through a PCI assessment as easy as possible.  I thought it might be good to share those...
