The days of simply sending a newsletter or statement stuffer to a merchant describing the PCI requirements may no longer be sufficient to protect the Acquiring community (Sponsor Banks, Processors and ISOs) from the card brand obligations, liability and the impact of state law violations. … Read more
The concept of summarizing Payment Card Industry (PCI) requirements into a simple checklist is a welcome one, especially for merchants without a dedicated security team and budget. These are usually merchants with less than one million in annual transactions and who only recently have been … Read more
(It’s more than you think—and you’re more at risk than you know.) Confusion. Denial. Plain old wishful thinking. That’s what we hear when we talk to people about the real cost of data breach. Whether you’re an ISO, an acquirer, or a merchant, maybe you’ve … Read more
Is PCI compliance a law? The short answer is no. The long answer is that while it is not currently a federal law, there are state laws that are already in effect (and some that may go into effect) to force components of the PCI … Read more
Companies frequently ask us about what constitutes a payment application as it relates to PCI Compliance. The term payment application has a very broad meaning in PCI. So hopefully the content of this brief article will help clarify the subject and better define the term. … Read more
There is a vast need for better information about PCI compliance in the marketplace. It is a relatively new standard and there is a lack of good information available. In this article I will outline a few of the most commonly held myths that we … Read more