Click here for a free PCI scan from ControlScan

PCI Merchants Featured Article

Written by:
Kevin Lee

How the Right Hosted Payment Technologies Reduce Online Merchants' PCI Scope

If you are a small or mid-sized business (SMB) owner, the process for evaluating your online business and becoming PCI compliant can seem impossible to follow—or at the very least, extremely daunting. Luckily, there are organizations that have made it their mission to fully understand the PCI DSS so they can develop and/or implement solutions that simplify PCI compliance for you. Read more…

Recent Articles

PCI Compliance and the Service Provider

Your organization is a service provider if it hosts or manages payment data on behalf of other businesses. Even if your business operates primarily as a merchant, acknowledging any and all service provider components will enable you to take a holistic view of your scope of compliance with the PCI DSS—and, it may help set you apart from your competitors.
Read more…

More and More Hackers are "Foodies." Well, Sort Of…

According to recent reports, hackers are apparently spending a lot more time discovering the latest hip, trendy restaurants. But they are not spending money on artisanal cheeses, free-range chicken, or chickpea and orzo salad with Piquillo pepper vinaigrette.

Holiday POS Security: A Quick Reference for the SMB Retailer

SMB retailers are now in the throes of the holiday season. While you've probably trained your sales staff to look for shoplifters, you may not have discussed the physical security of your POS systems.
Read more…

Don't Be Fooled! There's No Such Thing as an Automated Penetration Test.

Many small merchants, having been told they need a "network penetration test," will seek out the quickest and cheapest way possible to comply with this PCI DSS requirement.
Read more…

Security Logging and Monitoring (PCI DSS Requirement 10): Why all the Fuss?

Merchants who are just learning about the PCI DSS can become quickly overwhelmed by its lengthy list of requirements. In addition, many merchants may find themselves wondering whether certain requirements are even applicable to their business.
Read more...

Five Things to do Before Using Your Mobile Device to Accept Credit Card Payments

The taxi driver at the airport took your credit card using Square on an iPhone. The plumber that fixed your leaky pipes swiped your card on a PayPal device connected to an Android phone. And that posh restaurant where you impressed a client not only took your order on an iPad, but the server swiped your credit card on a PayFox device attached to the iPad. It seems as though everyone is taking advantage of mobile payment technology… Shouldn't you?
Read more...

Level 2 Merchants Beware: Your PCI validation process could be changing

If your business processes between 1 million and 6 million credit card transactions annually and you accept MasterCard as a form of payment, your PCI validation process is probably about to change.

View Archive

The PCI SSC Releases its P2PE SAQ

In May the PCI Security Standards Council (SSC) published a fact sheet to offer guidance for merchants evaluating technology to accept payments using a smartphone or iPad/tablet.

Attackers' Tools Work Day and Night: Who Can Sleep?

A security manager I was speaking with recently described some applicants for a Network Administrator position he was looking to fill. Most of them were well-qualified with backgrounds in IT and network management and had a long stream of credentials following their names.

Making Headlines for the Wrong Reason… Don't let it Happen to You.

It even appeared on TMZ.com; one of the world's largest retailers had their website defaced so they were now selling a grill to cook babies. This was, of course, inappropriate and unacceptable for any retailer to host on their website, and most likely the reason major news outlets widely publicized the defacement.
Read more...

PCI Compliance & Small Merchants: Whose Concern Is It Anyway?

Small merchants who want to accept credit cards as part of doing business can find themselves lost in a sea of information when it comes to PCI compliance. While it can be frustrating, the Payment Card Industry Data Security Standard (PCI DSS) has a worthwhile goal, and that is to ensure that credit card transactions are secure and consumers' sensitive data is protected.

A Fresh New Start Means a Fresh New Look at your PCI Status

Happy New Year! It’s the time of year where many of us celebrate a fresh start and make new resolutions. Your resolution may have been one of the common ones: get to the gym more, stress less, actually use vacation days this year. Website hackers are no different.

If it isn't documented, how do you know what your employees are doing?

It appears to be fairly common to see organizations of all sizes think of the documentation requirements for PCI compliance as one of the easiest aspects of the standard to meet. After all, when you compare the ease of simply having to document specific requirements versus actually deploying the architecture, hardware, software and personnel to meet them, the documentation requirements seem fairly benign.

Who Are You? A, B, C or D? Check first if you're storing electronic cardholder data before you answer that question.

The PCI Council provides plenty of guidance on how to determine which Self-Assessment Questionnaire (SAQ) you should complete. Sounds pretty simple. You know your business better than most people, if not everyone.
Read more...

The PCI Basics/Quick Guide – what do small merchants need to do to achieve PCI compliance?

he day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation.

Security as a Checklist? Think Again.

The concept of summarizing Payment Card Industry (PCI) requirements into a simple checklist is a welcome one, especially for merchants without a dedicated security team and budget.

Five Common Myths Debunked

There is a vast need for better information about PCI compliance in the marketplace. It is a relatively new standard and there is a lack of good information available. In this article I will outline a few of the most commonly held myths that we hear day in and day out from merchants, acquirers and service providers – along with the hard truths.

The Real Cost of Data Breach (It's more than you think—and you're more at risk than you know.)

Confusion. Denial. Plain old wishful thinking. That's what we hear when we talk to people about the real cost of data breach. Whether you're an ISO, an acquirer, or a merchant, maybe you've even said (or at least thought) some of these things yourself...
Read more...

PCI SAQ – Forms and Validation Types

If you are a merchant or service provider and accept credit cards you must validate PCI compliance at least annually. Network Security Scans are required of all merchants and service providers with external-facing IP addresses that collect, process or transmit payment account information.

PCI DSS: 5 Guidelines for Gaining PCI Compliance

If an organization doesn't know that they need to be PCI compliant, or if an organization just doesn't want to be bothered by having to obtain PCI compliance, it soon will not matter. The goal is to have all merchants, regardless of their merchant level, compliant with PCI DSS.

5 Steps to Manage a Data Breach?

Industry-specific guidelines and compliance measures, such as the Payment Card Industry's Data Security Standards (PCI DSS), are continuing to emphasize the enforcement of measures to close any and all security loopholes in a company's infrastructure

5 Steps to Manage a Data Breach? Part II

Though a smaller data breach-affecting only 250 private records-than its predecessors at TJX and ChoicePoint, the musical instrument company Bananas.com (Bananas at Large) was the victim of a hacker, who, according to published reports stole an administrative password by accessing Bananas.com systems as a remote user.

Quick Links

Increase your merchants' PCI Compliance rates