Penetration Testing: Ask the Right Questions Before You Sign

Published February 24, 2016 • Category: Best Practices

Find an Experienced Penetration Tester. Like most security testing services, the quality of service you get in a penetration testing engagement can vary tremendously from vendor to vendor. That’s because penetration testing is human-driven, relying upon the tester’s expertise and diligence. Evaluate Potential Providers. Asking the …

Can an Employee Conduct Our Company’s Penetration Testing?

Published November 4, 2015 • Category: Ask the QSA

Question: One of our employees is a Certified Penetration Tester (CPT). Can we use this employee to perform our external and application penetration testing? Or does this employee need to be registered in some way with the PCI Council? Answer: The PCI DSS allows companies …

Penetration Testing: What’s a small business to do?

Published July 29, 2015 • Category: Industry Topics

Effective July 1, 2015, businesses validating their compliance via PCI SAQ version C are required to undergo a penetration test for the very first time. Brick-and-mortar merchants with payment applications connected to the Internet (but that do not electronically store cardholder data) are subject to …

Ready Your 3.0 SAQ Game Plan

Published December 17, 2014 • Category: Best Practices

2014 has been a year filled with news about breaches – big breaches – record breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT …

Is Penetration Testing Now a Must for My Business?

Published November 20, 2014 • Category: Ask the QSA

Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable work around. I am being told that the penetration test is a MUST for 3.0? Answer: Penetration …

“Can We Securely Store Card Data for Recurring Billing?”

Published August 8, 2014 • Category: Ask the QSA • Tag: Hosted Payment Technologies

Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments. Here are a few of the related questions we’ve recently received: Question: We store credit card info (number …