Security vs. Compliance with PCI DSS Requirement 8

August 4, 2020 • Categories: Best Practices

A few weeks ago I was talking with one of my coworkers about the whole security vs compliance conversation. Up until then, I held the premise that compliance does little for security. In retort to my statement he asked the rhetorical question, “Where would these …

What in the World is a Qualified Integrator and Reseller?

July 15, 2020 • Categories: PCI 101

The PCI DSS self-assessment questionnaire can be challenging for non-technical people, especially when you don’t understand the different terms floating around inside it. “Qualified Integrator and Reseller” is one of those terms that is known to throw merchants for a loop. The PCI DSS question …

The PCI Point-to-Point Encryption (P2PE) Program

June 8, 2020 • Categories: PCI 101

Excerpted from the ControlScan white paper, “Terminal Encryption for Security and PCI Compliance.” When the PCI Security Standards Council (SSC) released the first version of the PCI Point-to-Point Encryption (P2PE) standard in 2011, its goal was to help merchants obtain a path to compliance that …

PCI DSS Requirement 6.3: Secure Software Application Development

June 2, 2020 • Categories: Best Practices

The Payment Card Industry Data Security Standard (PCI DSS) has 12 primary requirements, but within those it has a multitude of sub-requirements. While many of these are straightforward, there are several that can leave even the technologically savvy person perplexed. Secure software application development is …