“Can We Securely Store Card Data for Recurring Billing?”

August 8, 2014 • Published Categories PCI 101

Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments. Here are a few of the related questions we’ve recently received: Question: We store credit card info (number … Read more

“We have a PCI Compliant App but are not currently PCI Compliant…”

April 1, 2014 • Published Categories PCI 101

Question: We have a PCI Compliant App but are not currently PCI Compliant. If we moved this application to a PCI Compliant Web Hosting Service do we still NEED to be PCI Compliant? Answer: Simply outsourcing some or all of your organizational functions does not mean you … Read more

New SAQ A-EP Addresses E-Commerce Merchants Using Payment Redirects

March 7, 2014 • Published Categories Industry Topics

The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more

Top 5 Takeaways from the 2013 North American PCI Community Meeting

October 14, 2013 • Published Categories Industry Topics

In recent years, the annual PCI Community Meetings (both here in the U.S. and abroad) have served as an important forum for discussing and gaining a stronger understanding of payment data security best practices and requirements. With the planned release of version 3.0 of both … Read more

The Top 5 Questions to ask a Prospective Penetration Tester

July 12, 2013 • Published Categories PCI 101

How to Find an Expert Penetration Tester

If any part of your business network is connected to the Internet, then the information your business handles is within the reach of hackers and cybercriminals. For this reason, the Payment Card Industry Data Security Standard (PCI DSS) requires that … Read more

Don’t Be Fooled! There’s No Such Thing as an Automated Penetration Test.

October 22, 2012 • Published Categories PCI 101

Looking for a Penetration Test Vendor? Many small merchants, having been told they need a “network penetration test,” will seek out the quickest and cheapest way possible to comply with this Payment Card Industry Data Security Standard (PCI DSS) requirement. This is certainly understandable, given … Read more