“Do I Really Need a Firewall?”

January 5, 2016 • Published Categories PCI 101

Ask the security and compliance experts. PCI Compliance Guide readers regularly ask us questions and we are happy to answer as many as we can. That’s because this site’s (and ControlScan’s) goal is to help make the process simpler and clear up any misinformation by providing actionable, …

Five PCI DSS 3.0 “Best Practices” About to Become Required

May 18, 2015 • Published Categories Industry Topics

When PCI DSS v3.0 became effective January 1, 2015, businesses were allowed an additional six months’ leeway on a handful of requirements. During that time period, these “evolving requirements” could be considered “best practices” rather than must-dos. As of July 1, 2015, however, these …

The PCI Basics & Quick Guide

January 30, 2015 • Published Categories PCI 101

What Do Small Merchants Need to Do to Achieve PCI Compliance? The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – …

Small Business and PCI Cost vs. Benefit

January 12, 2015 • Published Categories PCI 101

“Bureaucratic bull crap.” “A waste of my time.” “Simply not relevant.” Many small business owners wonder why they would ever need to comply with a security standard like the PCI DSS. Some wonder quietly and some more vocally. Either way, it’s an important question to …

More Specialized SAQs: The New SAQ B-IP

April 8, 2014 • Published Categories Industry Topics

NOTE: There have been updates to the PCI DSS 3.0 standard since this post was published. The current revision is 3.2r1.1; however, the only significant changes to the SAQ B-IP have been the additions of segmentation testing and multifactor authentication for all remote access. The new …

New! More! A First Look at the PCI DSS 3.0 SAQs

March 4, 2014 • Published Categories Industry Topics

In November 2013 the PCI Security Standards Council (SSC) released version 3.0 of the Data Security Standard (DSS). As my colleague Chris Bucolo shared previously, v3.0 is heavily influenced by recent breach trends and is meant to more strongly address the basics of payment data security. …