5 “Buts” Your QSA Doesn’t Want to Hear

December 22, 2015 • Published Categories Best PracticesTags , ,

Qualified Security Assessors like myself are conducting annual PCI assessments year round, so while your assessment may seem like an “it’s that time of the year again” activity, our interaction with your business often involves common themes. For example, we QSAs often hear a lot … Read more

You’re Non-Compliant with PCI. Now What?

December 11, 2015 • Published Categories Best PracticesTags , , , ,

You gather up all the necessary documentation and sit down to complete the SAQ for your business—only to realize that you can’t answer “yes” to all the questions. Somewhere, something down the line occurred which now makes things complicated. When confronted with the reality of … Read more

Our Service Provider is Compliant, Must Our Organization Be As Well?

December 9, 2014 • Published Categories Ask the QSATags , , , , ,

Question: My organization is an online service provider. Our customers are merchants (i.e., our customers are receiving the payment through our servers) and the credit card payment storage is done by a Level 1 PCI DSS Validated third party. Does my organization have to be … Read more

Hosted Private Cloud Service Providers: Should They Be PCI Compliant?

October 8, 2014 • Published Categories Ask the QSATags , , , ,
SSC Mobile and Cloud Guidlines

Question: We are considering moving a server containing cardholder data to a hosted private cloud provider.  Is it necessary that the provider have a PCI DSS assessment of their own and produce an Attestation of Compliance? What if they produce a report from an independent … Read more

“Are Hotels Supposed to be Making Front and Back Copies of My Card?”

June 17, 2014 • Published Categories Ask the QSATags , , , , , ,

Concerned about hotels and front-and-back credit card copies? We regularly hear from consumers who are concerned about the manner in which hotels are collecting credit card information from them, much of which is on paper via Credit Card Authorization forms and front-and-back credit card copies. Here … Read more