New SAQ A-EP Hones in on E-Commerce Merchants Using Payment Redirects
Written by: Tim Thomas
Many e-commerce merchants assume that using a hosted payment solution will better secure their online payment transactions and eliminate their own web infrastructure from the scope of the PCI DSS. Historically, those merchants have filled out an SAQ A to validate their compliance. While the SAQ A still exists for version 3.0 and has only nominal changes, many e-commerce merchants will instead be subject to the new SAQ A-EP.
New! More! A First Look at the PCI DSS 3.0 SAQs
This past week, the SSC released the Self-Assessment Questionnaires (SAQs) supporting PCI DSS v3.0. The 3.0 SAQs include substantial modifications as well as all-new questionnaires, presenting a learning curve for small and mid-sized merchants as well as the ISOs and acquirers serving them.
Windows XP End of Life: Why Small Merchants Must Act Now
The clock is ticking. On April 8, 2014, Microsoft will end support of its Windows XP operating system. No more software updates, no more security updates. What does this mean?
Building More Momentum: Why now is the perfect time for acquirers to re-tool their PCI programs
The last couple of months have felt like a rollercoaster ride for those of us in the security and compliance space, as we watch multiple retailers come forward about data breaches and the forensic evidence being uncovered.
A Fresh New Start Means a Fresh New Look at Your PCI Status
Happy New Year! It's the time of year when many of us celebrate a fresh start and make new resolutions. Your resolution may have been one of the common ones: get to the gym more, stress less, actually use those vacation days this year.
Target's 3DES Encryption Statement: What does it tell us?
On December 27, Target issued an official statement about hackers' access to its customers' debit card PIN data. Learn what the statement means regarding the security of the stolen information and how the PCI DSS applies to the situation at hand.
If you are "in the cloud," you may still be exposed to PCI compliance risk
Here's a news headline that is currently scaring security executives and causing a few sleepless nights: "NSA Has Hacked 50,000 Computers Globally." What does this have to do with PCI compliance, you might ask?
Top 5 Takeaways from the 2013 North American PCI Community Meeting
The annual PCI Community Meetings are an important forum for discussing and gaining a stronger understanding of payment data security best practices and requirements.
How to Select a PCI Compliant Service Provider: Advice for Small Business Owners
Service providers are a key component to ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS). Outsourcing to a PCI-compliant service provider is one of the best ways business owners can help reduce their PCI obligations and risk of a data breach.
How the Right Hosted Payment Technologies Reduce Online Merchants' PCI Scope
If you are a small or mid-sized business (SMB) owner, the process for evaluating your online business and becoming PCI compliant can seem impossible to follow—or at the very least, extremely daunting.
Key Takeaways from the Recent SSC Mobile and Cloud Guidelines
The PCI Security Standards Council (SSC) recently issued helpful new guidance surrounding cloud and mobile payment security. As consumer-driven payment technology continues to advance—seemingly in lockstep with the drum beat of cyber crime—security vigilance remains paramount.
PCI Compliance and the Service Provider
Your organization is a service provider if it hosts or manages payment data on behalf of other businesses.
More and More Hackers are "Foodies." Well, Sort Of…
According to recent reports, hackers are apparently spending a lot more time discovering the latest hip, trendy restaurants. But they are not spending money on artisanal cheeses, free-range chicken, or chickpea and orzo salad with Piquillo pepper vinaigrette.
Holiday POS Security: A Quick Reference for the SMB Retailer
SMB retailers are now in the throes of the holiday season. While you've probably trained your sales staff to look for shoplifters, you may not have discussed the physical security of your POS systems.
Helping SMB Merchants Cross the Chasm of PCI Compliance [Infographic]
The last four years have been marked by continued growth in Level 4 merchant data compromise, yet a recent study report from ControlScan and Merchant Warehouse reveals that many SMB merchants are still not receiving—or effectively responding to—messages about cardholder data security.
Don't Be Fooled! There's No Such Thing as an Automated Penetration Test.
Many small merchants, having been told they need a "network penetration test," will seek out the quickest and cheapest way possible to comply with this PCI DSS requirement.
Security Logging and Monitoring (PCI DSS Requirement 10): Why all the Fuss?
Merchants who are just learning about the PCI DSS can become quickly overwhelmed by its lengthy list of requirements. In addition, many merchants may find themselves wondering whether certain requirements are even applicable to their business.