3 Basic Ways to Avoid PCI Paralysis

Over the past several months, a barrage of news stories and opinion pieces has sent a worrisome message: The payment security war is being lost because PCI standards are failing us. This defeatist belief that the hackers have won and any business can be breached—or already has been—can…

Read More

Internal vs. External Vulnerability Scans: Why You Need Both

If you’re a merchant trying to get started with PCI compliance, you’re likely to hear the word “scan” from your acquiring bank or the PCI partner they’ve enlisted to help you with the process. In our conversations with merchants, we often find that there is an expectation…

Read More

The Top 5 Questions to ask a Prospective Penetration Tester

If any part of your business network is connected to the Internet, then the information your business handles is within the reach of hackers and cybercriminals. For this reason, the Payment Card Industry Data Security Standard (PCI DSS) requires that your IT network undergo a penetration test. Because the network…

Read More

PCI Compliance and the Service Provider

Today, even the smallest businesses are Internet dependent, as the ability to pass information “through the cloud” becomes increasingly desirable. The complementary growth in cloud-based services such as data hosting and payment processing has created a new breed of service provider. These service providers and their systems interact with…

Read More

Don't Be Fooled! There's No Such Thing as an Automated Penetration Test.

Many small merchants, having been told they need a “network penetration test,” will seek out the quickest and cheapest way possible to comply with this Payment Card Industry Data Security Standard (PCI DSS) requirement.  This is certainly understandable, given most small businesses’ tight operating budgets and the growing number of…

Read More

Five Steps Before Using a Mobile Device to Accept Credit Cards

The taxi driver at the airport took your credit card using Square on an iPhone. The plumber that fixed your leaky pipes swiped your card on a PayPal device connected to an Android phone. And that posh restaurant where you impressed a client not only took your order on an…

Read More

Level 2 Merchants Beware: Your PCI Validation Process Could Be Changing

If your business processes between 1 million and 6 million credit card transactions annually and you accept MasterCard as a form of payment, your PCI validation process is probably about to change.

Up until June 30, 2012, virtually all Level 2 merchants (defined by both Visa and MasterCard as any…

Read More

PCI Compliance & Small Merchants: Whose Concern Is It Anyway?

Small merchants who want to accept credit cards as part of doing business can find themselves lost in a sea of information when it comes to PCI compliance.  While it can be frustrating, the Payment Card Industry Data Security Standard (PCI DSS) has a worthwhile goal, and that is to…

Read More

Security as a Checklist? Think Again.

The concept of summarizing Payment Card Industry (PCI) requirements into a simple checklist is a welcome one, especially for merchants without a dedicated security team and budget. These are usually merchants with less than one million in annual transactions and who only recently have been informed by their acquiring banks…

Read More

What Constitutes a Payment Application?

Companies frequently ask us about what constitutes a payment application as it relates to PCI Compliance. The term payment application has a very broad meaning in PCI. So hopefully the content of this brief article will help clarify the subject and better define the term. 
We define a payment application…

Read More