Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable work around. I am being told that the penetration test is a MUST for 3.0? Answer: Penetration … Read more
Question: Our cardholder data environment (CDE) resides in a private cloud with Amazon Web Services. One of our core applications in the CDE is not accessible to the public internet; however, we have a private circuit in place that allows two of our external partners to … Read more
The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more
In recent years, the annual PCI Community Meetings (both here in the U.S. and abroad) have served as an important forum for discussing and gaining a stronger understanding of payment data security best practices and requirements. With the planned release of version 3.0 of both … Read more
How to Find an Expert Penetration Tester If any part of your business network is connected to the Internet, then the information your business handles is within the reach of hackers and cybercriminals. For this reason, the Payment Card Industry Data Security Standard (PCI DSS) requires that … Read more
Looking for a Penetration Test Vendor? Many small merchants, having been told they need a “network penetration test,” will seek out the quickest and cheapest way possible to comply with this Payment Card Industry Data Security Standard (PCI DSS) requirement. This is certainly understandable, given … Read more