PCI DSS v3.1 and SSL: What you should do NOW.

March 5, 2015 • Published Categories Best PracticesTags , , , , , , , , , ,

12/21/15 Update: The PCI SSC is extending the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher). Learn more here.  4/15/15 Update: The PCI SSC released PCI DSS v3.1 on its … Read more

The PCI Basics & Quick Guide

January 30, 2015 • Published Categories PCI 101Tags , , , , , , , , , , , , , ,

What Do Small Merchants Need to Do to Achieve PCI Compliance?. The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – … Read more

Ready Your 3.0 SAQ Game Plan

December 17, 2014 • Published Categories Best PracticesTags , , , , , , , ,

2014 has been a year filled with news about breaches – big breaches – record breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs.  I have spoken to Merchant Banks, Processors, small businesses, IT … Read more

SAQ A vs. A-EP: What E-Commerce Merchants, Service Providers Need to Know Now

June 12, 2014 • Published Categories Industry TopicsTags , , , , , ,

Taking a firm stance on the security of partially outsourced e-commerce sites. When the new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) were released earlier this year, my colleagues and I closely read them to understand the potential impact on self-assessing merchants as well … Read more

When to Start Worrying about the PCI DSS 3.0 SAQs

May 21, 2014 • Published Categories Best PracticesTags , , , , ,

NOTE: This post was published on May 21, 2014. Please see the follow-up post, published December 17, 2014, here. Can you believe we are nearly halfway through 2014? The rapid pace of business (and life in general) can create a feeling that something is being missed, … Read more