Third Party Services: Ease or Risk?

Published September 9, 2015 • Categories: Best Practices

While assessing one of the largest public sector enterprises recently, I asked for the routine maintenance reports and records for IT, Human Resource & Facility Administration. The auditee promptly dug out the files and presented the requisite records. While reviewing the records I noticed that … Read more

The PCI DSS, Chaining and the Franchise Relationship

Published October 21, 2014 • Categories: Industry Topics

Guest post by David Durko, PrivacyAtlas. My colleagues and I are often asked, “Where does the responsibility for compliance fall when a compliant service provider shares consumer data with a non-compliant third party?” This is an interesting question and one that could change how … Read more

Merchants: Know Your Service Providers!

Published August 7, 2014 • Categories: PCI 101

Know Your Customer

There’s an acronym we use in the payments industry: KYC. With KYC, which is Know Your Customer, we’re referring to ISOs’ and acquirers’ need to know the type of business each of their merchants conducts. If due diligence for KYC doesn’t take place, … Read more

About Third-Party Access to Core Business Apps…

Published July 28, 2014 • Categories: Best Practices

Question: Our cardholder data environment (CDE) resides in a private cloud with Amazon Web Services. One of our core applications in the CDE is not accessible to the public internet; however, we have a private circuit in place that allows two of our external partners to … Read more