PCI Scope: Getting It Wrong Can Be Explosive [Video]

May 16, 2016 • Category: Best Practices

The Moving Target of PCI Scope

You’ve got a business to run, yet today’s threat landscape demands that you quickly address your business’s security weaknesses. Effectively addressing the business’s security needs involves isolating the environment that attackers could exploit. But how can you isolate the …

What’s the best practice for masking or truncating PAN?

November 12, 2015 • Category: Ask the QSA

Question: What is the best practice when masking or truncating PAN? Is masking the middle 8 digits enough or should you mask the first 12?

Answer: When it comes to the display of PAN, it’s about 2 things: What’s the PCI DSS say? What does …

Can an Employee Conduct Our Company’s Penetration Testing?

November 4, 2015 • Category: Ask the QSA

Question: One of our employees is a Certified Penetration Tester (CPT). Can we use this employee to perform our external and application penetration testing? Or does this employee need to be registered in some way with the PCI Council?

Answer: The PCI DSS allows companies …

How Does Taking Credit Cards by Mail Work with PCI?

August 21, 2015 • Category: PCI 101

As is the case with taking credit cards by phone, receiving sensitive payment information by mail or fax can raise concerns in relation to your organization’s PCI compliance process. Why is it such an issue? Because when card data is handled manually, the corresponding security …

PAN Storage and the PCI DSS

June 11, 2015 • Category: PCI 101

The Basics of Storing PAN Data

While the only Pan you might currently know is Peter, you should also get to know and understand the acronym PAN if your business accepts credit cards. PAN stands for Primary Account Number, and it is a key piece …