What’s new at the PCI Council? The PCI Council has come out with their long-awaited changes to the Qualified Integrators & Resellers (QIR) program. The PCI QIR program was launched in 2012 to ensure that payment systems integrators and resellers know how to support a … Read more
Qualified Security Assessors like myself are conducting annual PCI assessments year round, so while your assessment may seem like an “it’s that time of the year again” activity, our interaction with your business often involves common themes. For example, we QSAs often hear a lot … Read more
“A QSA’s Deja Nightmare” A QSA walks into a bar (or gas station chain, or retail organization, etc.) to perform a PCI assessment. The bartender/owner says, “We just have some policies for you! We use <<insert POS company name>> POS, and it is PCI compliant.” … Read more
The PCI Security Standards Council (PCI SSC) has now officially released PCI DSS v3.1. This release contains some relatively minor clarifications needed after the last major release (v3.0) went into full effect January 1, 2015. The primary driver for this new release, however, is the … Read more
The recent rash of data security breaches stemming from insecure remote access and user credential management issues has prompted Visa to issue a Data Security Alert to all merchants and the acquirers who serve them. Here is the statement from Visa’s email, which ControlScan received … Read more
The best way to truly strengthen your business’s security posture—which is the goal of the PCI DSS—is to have a sober understanding of your risk as well as the full scope of your PCI compliance responsibility. Here are five best practices for easily and cost-effectively … Read more