PCI SAQ 3.1: E-Commerce Options Explained

January 12, 2016 • Categories: Industry Topics

Confused about PCI SAQ 3.1? It’s been almost two years since the PCI Security Standards Council introduced SAQ A-EP into its self-assessment questionnaire framework, but many online businesses are still confused about whether they should validate using it. Much of the confusion is over the …

Five PCI DSS 3.0 “Best Practices” About to Become Required

May 18, 2015 • Categories: Industry Topics

When PCI DSS v3.0 became effective January 1, 2015, businesses were allowed an additional six months’ leeway on a handful of requirements. During that time period, these “evolving requirements” could be considered “best practices” rather than must do’s. As of July 1, 2015, however, these …

“Did We Fall Out of Compliance?”

February 12, 2015 • Categories: PCI 101

“Ask the QSA” Question: We achieved our SAQ-D in August 2014. We just had some quarterly scans executed and need to remediate two vulnerabilities. Are we now not PCI compliant because some vulnerabilities came up and we are resolving them? Answer: PCI compliance is structured …

The PCI Basics & Quick Guide

January 30, 2015 • Categories: PCI 101

What Do Small Merchants Need to Do to Achieve PCI Compliance? The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – …

New! More! A First Look at the PCI DSS 3.0 SAQs

March 4, 2014 • Categories: Industry Topics

In November 2013 the PCI Security Standards Council (SSC) released version 3.0 of the Data Security Standard (DSS). As my colleague Chris Bucolo shared previously, v3.0 is heavily influenced by recent breach trends and is meant to more strongly address the basics of payment data security. …