Is Penetration Testing Now a Must for My Business?

November 20, 2014 • Categories: Industry Topics

Question: In version 3.0 it states I need to complete penetration testing. In version 2.0 it was recommended and because of our business being 24 hours, we had an acceptable workaround. I am being told that the penetration test is a MUST for 3.0? Answer: Penetration …

About Third-Party Access to Core Business Apps…

July 28, 2014 • Categories: Best Practices

Question: Our cardholder data environment (CDE) resides in a private cloud with Amazon Web Services. One of our core applications in the CDE is not accessible to the public internet; however, we have a private circuit in place that allows two of our external partners to …

New SAQ A-EP Addresses E-Commerce Merchants Using Payment Redirects

March 7, 2014 • Categories: Industry Topics

The new PCI DSS version 3.0 Self-Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading …

Top 5 Takeaways from the 2013 North American PCI Community Meeting

October 14, 2013 • Categories: Industry Topics

In recent years, the annual PCI Community Meetings (both here in the U.S. and abroad) have served as an important forum for discussing and gaining a stronger understanding of payment data security best practices and requirements. With the planned release of version 3.0 of both …

The Top 5 Questions to ask a Prospective Penetration Tester

July 12, 2013 • Categories: PCI 101

How to Find an Expert Penetration Tester: If any part of your business network is connected to the Internet, then the information your business handles is within the reach of hackers and cybercriminals. For this reason, the Payment Card Industry Data Security Standard (PCI DSS) requires that …

Don’t Be Fooled! There’s No Such Thing as an Automated Penetration Test.

October 22, 2012 • Categories: PCI 101

Looking for a Penetration Test Vendor? Many small merchants, having been told they need a “network penetration test,” will seek out the quickest and cheapest way possible to comply with this Payment Card Industry Data Security Standard (PCI DSS) requirement. This is certainly understandable, given …