Understanding and Meeting PCI Compliance Policy Requirements

November 2, 2020 • Published • Categories: PCI 101
Free PCI Compliance Policy Template

Regardless of the security or compliance framework you are mapping to, there will always be an established set of requirements stating that your business must have documented policies, procedures and standards in place. In this post I will clarify the difference between the three, and …

Security vs. Compliance with PCI DSS Requirement 8

August 4, 2020 • Published • Categories: Best Practices

A few weeks ago I was talking with one of my coworkers about the whole security vs compliance conversation. Up until then, I held the premise that compliance does little for security. In retort to my statement he asked the rhetorical question, “Where would these …

What in the World is a Qualified Integrator and Reseller?

July 15, 2020 • Published • Categories: PCI 101

The PCI DSS self-assessment questionnaire can be challenging for non-technical people, especially when you don’t understand the different terms floating around inside it. “Qualified Integrator and Reseller” is one of those terms that is known to throw merchants for a loop. The PCI DSS question …

The PCI Point-to-Point Encryption (P2PE) Program

June 8, 2020 • Published • Categories: PCI 101

Excerpted from the ControlScan white paper, “Terminal Encryption for Security and PCI Compliance.” When the PCI Security Standards Council (SSC) released the first version of the PCI Point-to-Point Encryption (P2PE) standard in 2011, its goal was to help merchants obtain a path to compliance that …