PAN Storage and the PCI DSS

June 11, 2015 • Categories: PCI 101

The Basics of Storing PAN Data: While the only Pan you might currently know is Peter, you should also get to know and understand the acronym PAN if your business accepts credit cards. PAN stands for Primary Account Number, and it is a key piece … Read more

Our Service Provider is Compliant, Must Our Organization Be As Well?

December 9, 2014 • Categories: Ask the QSA

Question: My organization is an online service provider. Our customers are merchants (i.e., our customers are receiving the payment through our servers) and the credit card payment storage is done by a Level 1 PCI DSS Validated third party. Does my organization have to be … Read more

Hosted Private Cloud Service Providers: Should They Be PCI Compliant?

October 8, 2014 • Categories: Ask the QSA

Question: We are considering moving a server containing cardholder data to a hosted private cloud provider. Is it necessary that the provider have a PCI DSS assessment of their own and produce an Attestation of Compliance? What if they produce a report from an independent … Read more

“Can We Securely Store Card Data for Recurring Billing?”

August 8, 2014 • Categories: Ask the QSA

Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments. Here are a few of the related questions we’ve recently received: Question: We store credit card info (number … Read more

“Are Hotels Supposed to be Making Front and Back Copies of My Card?”

June 17, 2014 • Categories: Ask the QSA

Concerned about the security of your credit card data? We regularly hear from consumers who are concerned about the manner in which hotels are collecting credit card information from them, much of which is on paper via Credit Card Authorization forms and front-and-back card copies. Here … Read more

“Does my backup services business need to be PCI compliant?”

May 6, 2014 • Categories: Ask the QSA

Question: I own a small MSP service that offers backup services for customers’ servers. Some of our hospitality customers for which we do nothing but this type of backup believe we need to be PCI compliant. All the data is fully encrypted before it is sent … Read more