“Do I Really Need a Firewall?”

Published January 5, 2016 • Categories: PCI 101

Ask the security and compliance experts. PCI Compliance Guide readers regularly ask us questions and we are happy to answer as many as we can. That’s because this site’s (and ControlScan’s) goal is to help make the process simpler and clear up any misinformation by providing actionable, …

Five PCI DSS 3.0 “Best Practices” About to Become Required

Published May 18, 2015 • Categories: Industry Topics

When PCI DSS v3.0 became effective January 1, 2015, businesses were allowed an additional six months’ leeway on a handful of requirements. During that time period, these “evolving requirements” could be considered “best practices” rather than must-dos. As of July 1, 2015, however, these …

The PCI Basics & Quick Guide

Published January 30, 2015 • Categories: PCI 101

What Do Small Merchants Need to Do to Achieve PCI Compliance? The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – …

Small Business and PCI Cost vs. Benefit

Published January 12, 2015 • Categories: PCI 101

“Bureaucratic bull crap.” “A waste of my time.” “Simply not relevant.” Many small business owners wonder why they would ever need to comply with a security standard like the PCI DSS. Some wonder quietly and some more vocally. Either way, it’s an important question to …

More Specialized SAQs: The New SAQ B-IP

Published April 8, 2014 • Categories: Industry Topics

The new PCI DSS version 3.0 Self-Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ B-IP” for “Merchants with Standalone, IP-Connected PTS Point-of-Interaction (POI) Terminals – No Electronic Cardholder Data …

New! More! A First Look at the PCI DSS 3.0 SAQs

Published March 4, 2014 • Categories: Industry Topics

In November 2013 the PCI Security Standards Council (SSC) released version 3.0 of the Data Security Standard (DSS). As my colleague Chris Bucolo shared previously, v3.0 is heavily influenced by recent breach trends and is meant to more strongly address the basics of payment data security. …