PCI Merchants Featured Article
New SAQ A-EP Hones in on E-Commerce Merchants Using Payment Redirects
Written by: Tim Thomas
Many e-commerce merchants assume that using a hosted payment solution will better secure their online payment transactions and eliminate their own web infrastructure from the scope of the PCI DSS. Historically, those merchants have filled out an SAQ A to validate their compliance. While the SAQ A still exists for version 3.0 and has only nominal changes, many e-commerce merchants will instead be subject to the new SAQ A-EP.
New! More! A First Look at the PCI DSS 3.0 SAQs
This past week, the SSC released the Self-Assessment Questionnaires (SAQs) supporting PCI DSS v3.0. The 3.0 SAQs include substantial modifications as well as all-new questionnaires, presenting a learning curve for small and mid-sized merchants as well as the ISOs and acquirers serving them.
Windows XP End of Life: Why Small Merchants Must Act Now
The clock is ticking. On April 8, 2014, Microsoft will end support of its Windows XP operating system. No more software updates, no more security updates. What does this mean?
A Fresh New Start Means a Fresh New Look at Your PCI Status
Happy New Year! It's the time of year when many of us celebrate a fresh start and make new resolutions. Your resolution may have been one of the common ones: get to the gym more, stress less, actually use those vacation days this year.
Target's 3DES Encryption Statement: What does it tell us?
On December 27, Target issued an official statement about hackers' access to its customers' debit card PIN data. Learn what the statement means regarding the security of the stolen information and how the PCI DSS applies to the situation at hand.
The Top 5 Questions to Ask a Prospective Penetration Tester
Does the PCI DSS require that your IT network undergo a penetration test? If any part of your business network is connected to the Internet, then the answer is probably yes. Here are the questions you should ask any penetration testing vendor prior to signing on the dotted line.
How to Select a PCI Compliant Service Provider: Advice for Small Business Owners
Service providers are a key component to ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS). Outsourcing to a PCI-compliant service provider is one of the best ways business owners can help reduce their PCI obligations and risk of a data breach.
How the Right Hosted Payment Technologies Reduce Online Merchants' PCI Scope
If you are a small or mid-sized business (SMB) owner, the process for evaluating your online business and becoming PCI compliant can seem impossible to follow—or at the very least, extremely daunting.
PCI Compliance and the Service Provider
Your organization is a service provider if it hosts or manages payment data on behalf of other businesses. Even if your business operates primarily as a merchant, acknowledging any and all service provider components will enable you to take a holistic view of your scope of compliance with the PCI DSS—and it may help set you apart from your competitors.
More and More Hackers are "Foodies." Well, Sort Of…
According to recent reports, hackers are apparently spending a lot more time discovering the latest hip, trendy restaurants. But they are not spending money on artisanal cheeses, free-range chicken, or chickpea and orzo salad with Piquillo pepper vinaigrette.
Holiday POS Security: A Quick Reference for the SMB Retailer
SMB retailers are now in the throes of the holiday season. While you've probably trained your sales staff to look for shoplifters, you may not have discussed the physical security of your POS systems.
Don't Be Fooled! There's No Such Thing as an Automated Penetration Test.
Many small merchants, having been told they need a "network penetration test," will seek out the quickest and cheapest way possible to comply with this PCI DSS requirement.
Security Logging and Monitoring (PCI DSS Requirement 10): Why all the Fuss?
Merchants who are just learning about the PCI DSS can quickly become overwhelmed by its lengthy list of requirements. In addition, many merchants may find themselves wondering whether certain requirements are even applicable to their business.
Five Things to do Before Using Your Mobile Device to Accept Credit Card Payments
The taxi driver at the airport took your credit card using Square on an iPhone. The plumber that fixed your leaky pipes swiped your card on a PayPal device connected to an Android phone. And that posh restaurant where you impressed a client not only took your order on an iPad, but the server swiped your credit card on a PayFox device attached to the iPad. It seems as though everyone is taking advantage of mobile payment technology… Shouldn't you?
Level 2 Merchants Beware: Your PCI validation process could be changing
If your business processes between 1 million and 6 million credit card transactions annually and you accept MasterCard as a form of payment, your PCI validation process is probably about to change.