Your Quick Guide to PCI Scanning Success

July 9, 2018 • Categories: PCI 101
PCI Scanning ASV

An ongoing requirement of the PCI compliance process involves having your payment card environment scanned for security vulnerabilities. For most businesses, PCI scanning must be conducted by an Approved Scanning Vendor (ASV) at least quarterly, as well as following any major change to your environment. …

Why ASV Whitelisting is Both Normal and Essential for a Successful PCI Vulnerability Scan

October 30, 2017 • Categories: PCI 101
ASV whitelisting and PCI vulnerability scans

“Why am I being asked to whitelist ControlScan’s IP address as part of your ASV service? Doesn’t bypassing my IPS defeat the purpose of a PCI vulnerability scan?” ASV whitelisting is one of the most common questions our Vulnerability Management team receives, so let’s dive …

The Three Essential Elements of Authentic PCI Compliance

March 27, 2017 • Categories: Acquirer Programs
Authentic PCI compliance goes beyond simply checking the boxes of your SAQ

How many of your merchants are just checking the boxes? Checkbox compliance is nothing new in the payments industry. In fact, Google “checkbox compliance” and you quickly see that thousands of posts have been written about it. These posts describe the exercise of racing to …

“Did We Fall Out of Compliance?”

February 12, 2015 • Categories: PCI 101

“Ask the QSA” Question: We achieved our SAQ-D in August 2014. We just had some quarterly scans executed and need to remediate two vulnerabilities. Are we now not PCI compliant because some vulnerabilities came up and we are resolving them? Answer: PCI compliance is structured …

The PCI Basics & Quick Guide

January 30, 2015 • Categories: PCI 101

What Do Small Merchants Need to Do to Achieve PCI Compliance? The day has come. You have received notification from your acquirer that your organization is required to submit Payment Card Industry (PCI) compliance validation. You’ve also just been informed that there are penalties – …

The PCI DSS, Chaining and the Franchise Relationship

October 21, 2014 • Categories: Industry Topics

Guest post by David Durko, PrivacyAtlas. My colleagues and I are often asked, “Where does the responsibility for compliance fall when a compliant service provider shares consumer data with a non-compliant third party?” This is an interesting question and one that could change how …