PCI Scope: Getting It Wrong Can Be Explosive [Video]

Published May 16, 2016 • Category: Best Practices

The Moving Target of PCI Scope

You’ve got a business to run, yet today’s threat landscape demands that you quickly address your business’s security weaknesses. Effectively addressing the business’s security needs involves isolating the environment that attackers could exploit. But how can you isolate the …

What’s the best practice for masking or truncating PAN data?

Published November 12, 2015 • Category: Best Practices
PAN data storage and transmission best practices

What is the best practice when masking or truncating PAN data?

When it comes to the display of PAN data, it’s about 2 things:

What does the PCI DSS say?
What does security best practice say?

What the PCI DSS says (Requirement 3.3): Mask PAN when …

Can an Employee Conduct Our Company’s Penetration Testing?

Published November 4, 2015 • Category: Best Practices
The in-house penetration tester: Good or bad?

What happens when your employee is also your company’s penetration tester?

One of your employees is a Certified Penetration Tester (CPT). Can the organization use this employee to perform its external and application penetration testing? Yes, the PCI DSS does allow companies to pen test themselves, …

How Does Taking Credit Cards by Mail Work with PCI?

Published August 21, 2015 • Category: PCI 101

As is the case with taking credit cards by phone, receiving sensitive payment information by mail or fax can raise concerns in relation to your organization’s PCI compliance process. Why is it such an issue? Because when card data is handled manually, the corresponding security …

PAN Storage and the PCI DSS

Published June 11, 2015 • Category: PCI 101

The Basics of Storing PAN Data

While the only Pan you might currently know is Peter, you should also get to know and understand the acronym PAN if your business accepts credit cards. PAN stands for Primary Account Number, and it is a key piece …