PCI DSS Archives - URM
  • PCI DSS v4 – Changes at a Glance

    After several years' wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS) on 31 March 2022. It has been 4 years since the last minor update (v3.2.1) and nearly 9 […]

  • PCI SSC Remote Assessment Guidelines and Procedures – Key Questions Answered

    The PCI SSC has recently released new remote assessment guidelines and procedures. Here we address a number of key questions: What are the Main Contents? A set of principles and procedures which govern how remote assessments of compliance with PCI SSC standards such as PCI DSS must […]

  • Business Continuity Plans within the PCI DSS

    A great many organisations have recently realised that their business continuity plans (BCPs) failed to consider a scenario in which a global pandemic necessitates total remote working.  As such, continuing to maintain business as usual with staff confined to their homes has been challenging.  Not least of the many challenges, this has created concerns PCI […]

  • Compliance in Christmas

    With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically.  With the increase in the volume of […]

  • Do I Need Vulnerability Scanning to Validate Compliance to the PCI DSS?

    The short answer to this often-asked question is ‘Yes’!  There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]

  • 5 ways to reduce your PCI DSS scope

    Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard.  Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve.   So, it should be no surprise that scope reduction is one of […]

  • PCI DSS: Pros and Cons of Outsourcing

    In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and transmitting of cardholder data (CHD)? Let’s look at the benefits and disadvantages of outsourcing. Pros of outsourcing: Reduction of scope and in-scope processes. Any […]

  • Monzo Bank tells customers to change their PINs after security

    To store or not to store? That is the multimillion-dollar (fine) question.

    This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it.  Furthermore, if you do need it, make sure that you know everywhere it is […]