Our Service Provider is Compliant, Must Our Organization Be As Well?

December 9, 2014 • Categories: PCI 101

“Ask the QSA” Question: My organization is an online service provider. Our customers are merchants (i.e., our customers are receiving the payment through our servers) and the credit card payment storage is done by a Level 1 PCI DSS Validated third party. Does my organization …

Hosted Private Cloud Service Providers: Should They Be PCI Compliant?

October 8, 2014 • Categories: PCI 101

Question: We are considering moving a server containing cardholder data to a hosted private cloud provider. Is it necessary that the provider have a PCI DSS assessment of their own and produce an Attestation of Compliance? What if they produce a report from an independent …

About Third-Party Access to Core Business Apps…

July 28, 2014 • Categories: Best Practices

Question: Our cardholder data environment (CDE) resides in a private cloud with Amazon Web Services. One of our core applications in the CDE is not accessible to the public internet; however, we have a private circuit in place that allows two of our external partners to …

If You Are “in the Cloud,” You May Still Be Exposed to PCI Compliance Risk

December 11, 2013 • Categories: Best Practices, Industry Topics

Here’s a news headline that is currently scaring security executives and causing a few sleepless nights: “NSA Has Hacked 50,000 Computers Globally.” What does this have to do with PCI compliance, you might ask? If the National Security Agency can easily hack into private computer …

Key Takeaways from the SSC Mobile and Cloud Guidelines

March 18, 2013 • Categories: Industry Topics, ISOs/Acquirers

The PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users was designed to create awareness of challenges in and best practices for accepting payments with a mobile device. The following are three key takeaways from the document: General-purpose mobile devices (i.e., smartphones, tablets, etc.) are designed …

The PCI SSC Releases New Mobile Payment Acceptance Security Guidelines for Developers and Device Manufacturers

September 25, 2012 • Categories: Archive, Industry Topics

The Payment Card Industry Security Standards Council (PCI SSC) released new guidelines during its recent Community Meeting in Orlando. The new Mobile Payment Acceptance Security guidelines apply to the payment applications identified in Mobile Payment Acceptance Application Category 3, and they give software developers and mobile …