A great many organisations have recently realised that their business continuity plans (BCPs) failed to consider a scenario in which a global pandemic necessitates total remote working. As such, continuing to maintain business as usual with staff confined to their homes has been challenging. Not least of the many challenges, this has created concerns PCI […]
We recently posted a blog ‘New Year, Old Threats’ and only a few weeks later another new card data breach involving old attack methods has come to light. The Wawa chain of convenience store in the US announced it had been the victim of card data skimming malware on its point-of-sale (POS) systems at all […]
With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically. With the increase in the volume of […]
The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]
Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve. So, it should be no surprise that scope reduction is one of […]
In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and transmitting of cardholder data (CHD)? Let’s look at the benefits and disadvantages of outsourcing. Pros of outsourcing Reduction of scope and in-scope processes Any […]
This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it. Furthermore, if you do need it, make sure that you know everywhere it is […]
When looking at the key success criteria for any PCI compliance programme, there is no disputing the importance attached to accurately scoping the cardholder data environment (CDE). Within this blog, we are not going to delve into the murky depths of why a network component may be in or out-of-scope (thank goodness I hear you say), […]
Vulnerability assessment – Penetration testing, can things go wrong? There seems to be a market trend to offer a vulnerability assessment and package it as a penetration testing exercise. Both are security controls in ISO/IEC 27001: 2013 Annex A and both have distinct purpose and deliverables. In addition, they both feature quite heavily within the […]