When to Start Worrying about the PCI DSS 3.0 SAQs

May 21, 2014 • Published Categories Best Practices Tags , , , , ,

NOTE: This post was published on May 21, 2014. Please see the follow-up post, published December 17, 2014, here. Can you believe we are nearly halfway through 2014? The rapid pace of business (and life in general) can create a feeling that something is being missed, … Read more

Internal vs. External Vulnerability Scans: Why You Need Both

May 15, 2014 • Published Categories PCI 101 Tags , , , ,

The Ins and Outs of Vulnerability Scanning If you’re a merchant trying to get started with PCI compliance, you’re likely to hear the word “scan” from your acquiring bank or the PCI partner they’ve enlisted to help you with the process. In our conversations with … Read more

More Specialized SAQs: The New SAQ B-IP

April 8, 2014 • Published Categories Industry Topics Tags , , , , , , , , , , , ,

NOTE: There have been updates to the PCI DSS 3.0 standard since this post was published. The current revision is 3.2r1.1; however, the only significant changes to the SAQ B-IP have been the additions of segmentation testing and multifactor authentication for all remote access. The new … Read more

New SAQ A-EP Addresses E-Commerce Merchants Using Payment Redirects

March 7, 2014 • Published Categories Industry Topics Tags , , , , , , , ,
E-commerce Merchants

The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more

New! More! A First Look at the PCI DSS 3.0 SAQs

March 4, 2014 • Published Categories Industry Topics Tags , , , , , , ,
Promote your business as PCI compliant!

In November 2013 the PCI Security Standards Council (SSC) released version 3.0 of the Data Security Standard (DSS).  As my colleague Chris Bucolo shared previously, v3.0 is heavily influenced by recent breach trends and is meant to more strongly address the basics of payment data security. … Read more

Target’s 3DES Encryption Statement: What Does It Tell Us? What Information is Missing? And Where Does PCI Apply?

December 31, 2013 • Published Categories Industry Topics Tags , , , , , , ,

On December 27, Target issued an official statement about hackers’ access to encrypted debit card PIN data along with the payment card numbers accessed during its breach event. Some have wondered whether Target’s claims regarding the encrypted PIN codes are accurate. Although Target has not provided us … Read more