New SAQ A-EP Addresses E-Commerce Merchants Using Payment Redirects

Published March 7, 2014 • Categories: Industry Topics

The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more

New! More! A First Look at the PCI DSS 3.0 SAQs

Published March 4, 2014 • Categories: Industry Topics

In November 2013 the PCI Security Standards Council (SSC) released version 3.0 of the Data Security Standard (DSS).  As my colleague Chris Bucolo shared previously, v3.0 is heavily influenced by recent breach trends and is meant to more strongly address the basics of payment data security. … Read more

Target’s 3DES Encryption Statement: What Does It Tell Us? What Information is Missing? And Where Does PCI Apply?

Published December 31, 2013 • Categories: Industry Topics

On December 27, Target issued an official statement about hackers’ access to encrypted debit card PIN data along with the payment card numbers accessed during its breach event. Some have wondered whether Target’s claims regarding the encrypted PIN codes are accurate. Although Target has not provided us … Read more

If You Are “in the Cloud,” You May Still Be Exposed to PCI Compliance Risk

Published December 11, 2013 • Categories: Best Practices, Industry Topics

Here’s a news headline that is currently scaring security executives and causing a few sleepless nights: “NSA Has Hacked 50,000 Computers Globally.” What does this have to do with PCI compliance, you might ask? If the National Security Agency can easily hack into private computer … Read more

Top 5 Takeaways from the 2013 North American PCI Community Meeting

Published October 14, 2013 • Categories: Industry Topics
Mandalay Bay PCI Compliance Meeting

In recent years, the annual PCI Community Meetings (both here in the U.S. and abroad) have served as an important forum for discussing and gaining a stronger understanding of payment data security best practices and requirements. With the planned release of version 3.0 of both … Read more