Hosted Private Cloud Service Providers: Should They Be PCI Compliant?

October 8, 2014 • Published Categories PCI 101 Tags , , , ,
SSC Mobile and Cloud Guidlines

Question: We are considering moving a server containing cardholder data to a hosted private cloud provider.  Is it necessary that the provider have a PCI DSS assessment of their own and produce an Attestation of Compliance? What if they produce a report from an independent … Read more

“Are Hotels Supposed to be Making Front and Back Copies of My Card?”

June 17, 2014 • Published Categories Industry Topics Tags , , , , , ,

Concerned about hotels and front-and-back credit card copies? We regularly hear from consumers who are concerned about the manner in which hotels are collecting credit card information from them, much of which is on paper via Credit Card Authorization forms and front-and-back credit card copies. Here … Read more

“We have a PCI Compliant App but are not currently PCI Compliant…”

April 1, 2014 • Published Categories PCI 101 Tags , , ,

Question: We have a PCI Compliant App but are not currently PCI Compliant. If we moved this application to a PCI Compliant Web Hosting Service do we still NEED to be PCI Compliant? Answer: Simply outsourcing some or all of your organizational functions does not mean you … Read more

“I have a convenience store which is processed through a satellite connection…”

April 1, 2014 • Published Categories PCI 101 Tags , ,

Question: I have a convenience store which is processed through a satellite connection direct to ExxonMobil. I have a PC connected to the internet which has NO connection to the POS system which processes credit card data. Do I still need to scan? Answer: Do the PC … Read more