PCI DSS v4 – Changes at a Glance After several years wait, and to surprisingly little fanfare, the Payment Card Industry Security Standards Council (PCI SSC) released the new version of the PCI Data Security Standard (DSS) on 31 March 2022. It has been 4 years since the last minor update (v3.2.1) and nearly 9 […]
PCI SSC Remote Assessment Guidelines and Procedures The PCI SCC has recently released a new remote assessment guidelines and procedures. Here we address a number of key questions: What are the Main Contents? A set of principles and procedures which govern how remote assessments of compliance with PCI SSC standards such as PCI DSS must […]
A great many organisations have recently realised that their business continuity plans (BCPs) failed to consider a scenario in which a global pandemic necessitates total remote working. As such, continuing to maintain business as usual with staff confined to their homes has been challenging. Not least of the many challenges, this has created concerns PCI […]
We recently posted a blog ‘New Year, Old Threats’ and only a few weeks later another new card data breach involving old attack methods has come to light. The Wawa chain of convenience store in the US announced it had been the victim of card data skimming malware on its point-of-sale (POS) systems at all […]
With Christmas just around the corner, this is one of the busiest times of the year for many businesses, and particularly PCI DSS compliant organisations. It will be of no surprise to anyone that the number of card transactions being processed at this time of year increases dramatically. With the increase in the volume of […]
The short answer to this often-asked question is ‘Yes’! There are, however, a number of other misconceptions surrounding this area of compliance and we will hopefully be adding some clarification in this blog! One misconception that we frequently encounter is when the term ‘vulnerability scanning’ is confused with ‘penetration testing’. Whilst vulnerability scanning and penetration […]
Almost all organisations that implement the Payment Card Industry Data Security Standard (PCI DSS) struggle with the scope of the applicability of the Standard. Even veterans of PCI DSS compliance can struggle with scope creep over time as an organisation’s networks evolve. So, it should be no surprise that scope reduction is one of […]
In this blog, we address one of the big questions facing organisations which accept payment cards and are looking to comply with the PCI DSS. Should we outsource the storing, processing and transmitting of cardholder data (CHD)? Let’s look at the benefits and disadvantages of outsourcing. Pros of outsourcing Reduction of scope and in-scope processes Any […]
This week’s blog tackles the question of storing cardholder data and why the Payment Card Industry Data Security Standard (PCI DSS) is so beneficial. Fundamentally, it is very clear on this topic – if you don’t need it, don’t store it. Furthermore, if you do need it, make sure that you know everywhere it is […]
