New Small-Business Cybersecurity Tools for Acquirers Today the PCI Security Standards Council (SSC) announced a significant advancement in its efforts to foster small-business cybersecurity: A set of payment protection resources that acquirers can use to educate and empower the small merchants they serve to fight … Read more
The PCI Council just released version 2.0 of the P2PE (Point-to-Point Encryption) Solution Requirements and Testing Procedures. Quick background: P2PE is the process of encrypting a card number in the hardware at the time of the swipe and keeping it encrypted all the way to … Read more
2014 has been a year filled with news about breaches – big breaches – record breaking breaches. I have spent the majority of the year talking to many people about PCI DSS version 3.0 SAQs. I have spoken to Merchant Banks, Processors, small businesses, IT … Read more
Guest post by David Durko, PrivacyAtlas My colleagues and I are often asked, “Where does the responsibility for compliance fall when a compliant service provider shares consumer data with a non-compliant third party?” This is an interesting question and one that could change how … Read more
Know Your Customer There’s an acronym we use in the payments industry: KYC. With KYC, which is Know Your Customer, we’re referring to ISOs’ and acquirers’ need to know the type of business each of their merchants conducts. If due diligence for KYC doesn’t take place, … Read more
In recent years, the annual PCI Community Meetings (both here in the U.S. and abroad) have served as an important forum for discussing and gaining a stronger understanding of payment data security best practices and requirements. With the planned release of version 3.0 of both … Read more