Our Service Provider is Compliant, Must Our Organization Be As Well?

December 9, 2014 • Published Categories PCI 101 Tags , , , , ,

“Ask the QSA” Question: My organization is an online service provider. Our customers are merchants (i.e., our customers are receiving the payment through our servers) and the credit card payment storage is done by a Level 1 PCI DSS Validated third party. Does my organization … Read more

Hosted Private Cloud Service Providers: Should They Be PCI Compliant?

October 8, 2014 • Published Categories PCI 101 Tags , , , ,
SSC Mobile and Cloud Guidlines

Question: We are considering moving a server containing cardholder data to a hosted private cloud provider.  Is it necessary that the provider have a PCI DSS assessment of their own and produce an Attestation of Compliance? What if they produce a report from an independent … Read more

“Are Hotels Supposed to be Making Front and Back Copies of My Card?”

June 17, 2014 • Published Categories Industry Topics Tags , , , , , ,

Concerned about hotels and front-and-back credit card copies? We regularly hear from consumers who are concerned about the manner in which hotels are collecting credit card information from them, much of which is on paper via Credit Card Authorization forms and front-and-back credit card copies. Here … Read more

“We have a PCI Compliant App but are not currently PCI Compliant…”

April 1, 2014 • Published Categories PCI 101 Tags , , ,

Question: We have a PCI Compliant App but are not currently PCI Compliant. If we moved this application to a PCI Compliant Web Hosting Service do we still NEED to be PCI Compliant? Answer: Simply outsourcing some or all of your organizational functions does not mean you … Read more