EMV is Not a Security Technology

Published July 1, 2015 • Categories: Best Practices, Uncategorized

What? You are probably aware that chip cards (EMV) will ultimately replace magnetic stripe cards. You are also likely aware that if your business accepts credit cards then you must be able to accept EMV cards by October, 2015, or you may have to pay … Read more

PCI DSS v3.1 and SSL: What you should do NOW.

Published March 5, 2015 • Categories: Best Practices

12/21/15 Update: The PCI SSC is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher). Learn more here. 4/15/15 Update: The PCI SSC released PCI DSS v3.1 on its … Read more

“Is it OK to enable remote access to my back office PC?”

Published September 4, 2014 • Categories: Ask the QSA

Question: Is LogMeIn PCI Compliant for a restaurant back office PC? I heard that leaving an open connection is not compliant. Answer: A remote access program such as LogMeIn can be PCI compliant; however, it must be securely implemented using multiple factors of authentication to … Read more

3 Basic Ways to Avoid PCI Paralysis

Published June 10, 2014 • Categories: PCI 101

Combat security threats while achieving PCI compliance. Over the past several months, a barrage of news stories and opinion pieces has sent a worrisome message: The payment security war is being lost because PCI standards are failing us. This defeatist belief that the hackers have … Read more

“Does my backup services business need to be PCI compliant?”

Published May 6, 2014 • Categories: Ask the QSA

Question: I own a small MSP service that offers backup services for customers’ servers. Some of our hospitality customers for which we do nothing but this type of backup believe we need to be PCI compliant. All the data is fully encrypted before it is sent … Read more