“Did We Fall Out of Compliance?”

February 12, 2015 • Categories: Ask the QSA

Question: We achieved our SAQ-D in August 2014. We just had some quarterly scans executed and need to remediate two vulnerabilities. Are we now not PCI compliant because some vulnerabilities came up and we are resolving them? Answer: PCI compliance is structured around a series …

The PCI Basics & Quick Guide

January 30, 2015 • Categories: PCI 101

What Do Small Merchants Need to Do to Achieve PCI Compliance? The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – …

The PCI DSS, Chaining and the Franchise Relationship

October 21, 2014 • Categories: Industry Topics

Guest post by David Durko, PrivacyAtlas. My colleagues and I are often asked, “Where does the responsibility for compliance fall when a compliant service provider shares consumer data with a non-compliant third party?” This is an interesting question and one that could change how …

3 Reasons to Get Involved in Your Merchants’ mPOS Adoption

September 17, 2014 • Categories: Acquirer Programs

ControlScan has just released a new report detailing its latest research findings on mobile technology adoption among small and mid-sized businesses (SMBs). The report, Mobile at the Point of Sale: How SMBs are Adopting Mobile Devices to Accept Card-Present Payments, is based on input from …

“Can We Securely Store Card Data for Recurring Billing?”

August 8, 2014 • Categories: Ask the QSA

Should your business store cardholder data? While the PCI DSS discourages businesses from storing credit card data, many feel the practice is necessary in order to facilitate recurring payments. Here are a few of the related questions we’ve recently received: Question: We store credit card info (number …

About Third-Party Access to Core Business Apps…

July 28, 2014 • Categories: Ask the QSA

Question: Our cardholder data environment (CDE) resides in a private cloud with Amazon Web Services. One of our core applications in the CDE is not accessible to the public internet; however, we have a private circuit in place that allows two of our external partners to …