An ongoing requirement of the PCI compliance process involves having your payment card environment scanned for security vulnerabilities. For most businesses, PCI scanning must be conducted by an Approved Scanning Vendor (ASV) at least quarterly, as well as following any major change to your environment. … Read more
So, you have been notified by a client, card brand, or your acquiring bank that you have to engage a third-party QSA company to perform a QSA-led PCI DSS assessment. There are some things that you need to know, or need to consider before moving … Read more
If your business calls its customers “patients,” then you are likely well aware of HIPAA-HITECH and all that goes along with it. But what happens if you throw the Payment Card Industry Data Security Standard (PCI DSS) into the mix? A lot of people like … Read more
Qualified Security Assessors like myself are conducting annual PCI assessments year round, so while your assessment may seem like an “it’s that time of the year again” activity, our interaction with your business often involves common themes. For example, we QSAs often hear a lot … Read more
You gather up all the necessary documentation and sit down to complete the SAQ for your business—only to realize that you can’t answer “yes” to all the questions. Somewhere, something down the line occurred which now makes things complicated. When confronted with the reality of … Read more
“A QSA’s Deja Nightmare” A QSA walks into a bar (or gas station chain, or retail organization, etc.) to perform a PCI assessment. The bartender/owner says, “We just have some policies for you! We use <<insert POS company name>> POS, and it is PCI compliant.” … Read more