The PCI DSS self-assessment questionnaire can be challenging for non-technical people, especially when you don’t understand the different terms floating around inside it. “Qualified Integrator and Reseller” is one of those terms that is known to throw merchants for a loop. The PCI DSS question … Read more
Excerpted from the ControlScan white paper, “Terminal Encryption for Security and PCI Compliance.” When the PCI Security Standards Council (SSC) released the first version of the PCI Point-to-Point Encryption (P2PE) standard in 2011, its goal was to help merchants obtain a path to compliance that … Read more
The Payment Card Industry Data Security Standard (PCI DSS) has 12 primary requirements, but within those it has a multitude of sub-requirements. While many of these are straightforward there are several that can leave even the technologically savvy person perplexed. Secure software application development is … Read more
Guest post by ConsumersAdvocate.org It’s the Little Things that Sting Password proliferation is a common cause for complaint in the business world. One recent study found that the average business user has 191 passwords to keep track of. And that figure primarily reflects the “civilians” … Read more
Early on in my career, I was assigned a PCI DSS assessment with a major sporting franchise. In one of the down moments that we had, I started to make conversation and try to get to know my client a little better. Sure, I was … Read more
Over the past 13 years or so I’ve assessed hundreds of organizations as a PCI Qualified Security Assessor (QSA). In that time there have only been a few instances where I walked away and there was no remediation that needed to be done. What I’ve … Read more