Addressing the growing risk from insecure third party remote access
Blog

Addressing the growing risk from insecure third party remote access

By Judith Clark, QSA Consultant In recent years, numerous security reports have identified an increasing trend for intrusions affecting Point of Sale (POS) environments to have involved insecure remote access from service providers and their networks.  As the ENISA points out, criminals are turning to network-based attacks against retailers’ POS infrastructure because attacks requiring physical […]

0 Shares
Understanding the scope for PCI DSS
Blog, Uncategorized, Whitepapers

Understanding the scope for PCI DSS

When undertaking any kind of PCI DSS assessment, whether it is a formal assessment or self-assessment questionnaire (SAQ), the most important thing is ensuring that the scope is correct. Without an understanding of the scope, systems may be overlooked and/or insufficient security controls applied. This may lead to a risk of data breach.   Conversely, […]

0 Shares
Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too?   […]

0 Shares
Do your clients know their cardholder data environment?
Articles, Blog, Whitepapers

Do your clients know their cardholder data environment?

by Jason McWhirr, Information Security Consultant One of the most important (and underused) first steps for any business or service provider when undertaking PCI DSS is to understand how cardholder data is used within their organisation, its people, departments, and systems. Without first knowing this, it is impossible to know which parts of their organisation […]

0 Shares