When to Start Worrying about the PCI DSS 3.0 SAQs

May 21, 2014 • Categories: Best Practices

NOTE: This post was published on May 21, 2014. Please see the follow-up post, published December 17, 2014, here.

Can you believe we are nearly halfway through 2014? The rapid pace of business (and life in general) can create a feeling that something is being missed, …

Taking Stock and Surviving Windows XP End of Life

April 10, 2014 • Categories: Best Practices

Guest post by Jason Richelson, ShopKeep POS

April 8th has come and gone, and chances are your small business is still standing. However, there is no time for a false sense of security if the Windows XP operating system is running in your IT or …

More Specialized SAQs: The New SAQ B-IP

April 8, 2014 • Categories: Industry Topics

NOTE: There have been updates to the PCI DSS 3.0 standard since this post was published. The current revision is 3.2r1.1; however, the only significant changes to the SAQ B-IP have been the additions of segmentation testing and multifactor authentication for all remote access.

The new …

How to Find Windows XP in your IT Environment

March 25, 2014 • Categories: Industry Topics

If you’ve been following our Windows XP series on PCI Compliance Guide, you now know the reasons running XP after April 8, 2014 will put your business at risk and also the level of planning that needs to take place now (even if you’re reading …

New! More! A First Look at the PCI DSS 3.0 SAQs

March 4, 2014 • Categories: Industry Topics

In November 2013 the PCI Security Standards Council (SSC) released version 3.0 of the Data Security Standard (DSS). As my colleague Chris Bucolo shared previously, v3.0 is heavily influenced by recent breach trends and is meant to more strongly address the basics of payment data security. …

Target’s 3DES Encryption Statement: What Does It Tell Us? What Information is Missing? And Where Does PCI Apply?

December 31, 2013 • Categories: Industry Topics

On December 27, Target issued an official statement about hackers’ access to encrypted debit card PIN data along with the payment card numbers accessed during its breach event. Some have wondered whether Target’s claims regarding the encrypted PIN codes are accurate. Although Target has not provided us …