New PCI SSC Scoping & Segmentation Guidance: what does it mean?
Blog, Fact Sheets, Uncategorized, Whitepapers

New PCI SSC Scoping & Segmentation Guidance: what does it mean?

By Natasja Bolton, Senior Acquirer Support QSA   Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]

Demystifying existing non-listed P2PE Solutions
Blog, Uncategorized

Demystifying existing non-listed P2PE Solutions

by Leon van Aswegen, Senior Consulting Manager   In the last two years, the PCI P2PE Standard has gained in popularity amongst Acquirers, Solution Providers, Merchants and their assessing QSAs. This is because PCI P2PE Solutions provide independently assured protection for account data from the point of capture, reducing where and how PCI DSS requirements […]

Non-compliance fees; considering alternative approaches
Blog, Uncategorized

Non-compliance fees; considering alternative approaches

Non-compliance fees are viewed by many as an acceptable short-term solution to a merchant’s unwillingness to engage with a compliance program. However, often despite the best efforts by acquirers, some merchants continue to remain disengaged. So when a merchant ignores notifications regarding their non-compliance status and the application of non-compliance fees, it may be time […]

SHA-1 - the PCI Council’s views revealed
Blog, Uncategorized

SHA-1 – the PCI Council’s views revealed

By Natasja Bolton, Acquirer Support Manager   Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked Questions […]