The Moving Target of PCI Scope You’ve got a business to run, yet today’s threat landscape demands that you quickly address your business’s security weaknesses. Effectively addressing the business’s security needs involves isolating the environment that attackers could exploit. But how can you isolate the … Read more
What is the best practice when masking or truncating PAN data? When it comes to the display of PAN data, it’s about 2 things: What’s the PCI DSS say? What does security best practice say? What the PCI DSS says (Requirement 3.3): Mask PAN when … Read more
What happens when your employee is also your company’s penetration tester? One of your employees is a Certified Penetration Tester (CPT). Can the organization use this employee to perform its external and application penetration testing? Yes, the PCI DSS does allow companies to pen test themselves, … Read more
As is the case with taking credit cards by phone, receiving sensitive payment information by mail or fax can raise concerns in relation to your organization’s PCI compliance process. Why is it such an issue? Because when card data is handled manually, the corresponding security … Read more
The Basics of Storing PAN Data While the only Pan you might currently know is Peter, you should also get to know and understand the acronym PAN if your business accepts credit cards. PAN stands for Primary Account Number, and it is a key piece … Read more