Five PCI DSS 3.0 “Best Practices” About to Become Required

May 18, 2015 • Categories: Industry Topics

When PCI DSS v3.0 became effective January 1, 2015, businesses were allowed an additional six months’ leeway on a handful of requirements. During that time period, these “evolving requirements” could be considered “best practices” rather than must do’s. As of July 1, 2015, however, these …

PCI DSS v3.1 and SSL: What you should do NOW.

March 5, 2015 • Categories: Best Practices

12/21/15 Update: The PCI SSC is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher). Learn more here.

4/15/15 Update: The PCI SSC released PCI DSS v3.1 on its …

Ready Your 3.0 SAQ Game Plan

December 17, 2014 • Categories: Best Practices

2014 has been a year filled with news about breaches – big breaches – record-breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT …

Is Penetration Testing Now a Must for My Business?

November 20, 2014 • Categories: Industry Topics

Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable workaround. I am being told that the penetration test is a MUST for 3.0?

Answer: Penetration …

Merchants: Know Your Service Providers!

August 7, 2014 • Categories: PCI 101

Know Your Customer: There’s an acronym we use in the payments industry: KYC. With KYC, which is Know Your Customer, we’re referring to ISOs’ and acquirers’ need to know the type of business each of their merchants conducts. If due diligence for KYC doesn’t take place, …

SAQ A vs. A-EP: What E-Commerce Merchants, Service Providers Need to Know Now

June 12, 2014 • Categories: Industry Topics

Taking a firm stance on the security of partially outsourced e-commerce sites. When the new PCI DSS version 3.0 Self-Assessment Questionnaires (SAQs) were released earlier this year, my colleagues and I closely read them to understand the potential impact on self-assessing merchants as well …