Over the last few months, the PCI SSC has published a set of documents to establish a new program for the specification, testing, evaluation and PCI SSC listing of Software-based PIN entry on Commercial Off The Shelf (COTS) device solutions, also known as SPoC. The PCI SSC developed this new PCI Security Standard […]
‘PIN on Glass’ is a catchy phrase that the payments industry and solution vendors have been bandying about as the next big thing for payment card processing: point of sale solutions that will allow merchants to accept card payments using just their mobile device and with no need to purchase expensive hardware. This is […]
With the PCI SSC June 30th deadline fast approaching for all businesses to migrate away from using SSL and early TLS protocols, have your business customers taken the necessary steps to ensure that they are compliant? In this infographic, we examine what the TLS deadline is and what you can do to assist your customers. […]
By Judith Clark, QSA Consultant In recent years, numerous security reports have identified an increasing trend for intrusions affecting Point of Sale (POS) environments to involve insecure remote access from service providers and their networks. As ENISA points out, criminals are turning to network-based attacks against retailers’ POS infrastructure because attacks requiring physical […]
PCI DSS compliance and the forthcoming increase in the length of Bank Identification Numbers (BINs): are there any compliance issues?
Ask a QSA recently received the following Primary Account Number (PAN) truncation query and felt that it may be of interest to our readers. By Judith Clark, QSA Consultant With the forthcoming increase in the length of Bank Identification Numbers (BINs) from six digits to eight digits, are there any PCI DSS compliance issues with showing […]
The PCI SSC has published a further update on the applicability and implementation of the SAQ A requirements to merchant web servers that redirect customers to a third party for payment processing. The SAQ A is applicable to merchant entities that have wholly outsourced their entire ecommerce website infrastructure to a PCI DSS compliant […]
Larger organisations that deal directly with an acquirer do not have the guidance of an online portal and often rely on the PCI Council for SAQ selection, as well as on advice provided by a third-party service provider. In order to address these difficulties with ecommerce SAQ selection we have […]
With its expanded content, fully revised diagrams of the e-commerce implementation methods and the inclusion of case studies, the 2017 guidance is a useful reference for merchants and service providers alike.
Let us first summarise the applicability and intent of SAQ A. This self-assessment questionnaire is applicable to entities that outsource the payment processing for their e-commerce payment channel to a PCI DSS compliant third party.
By Natasja Bolton, Senior Acquirer Support QSA Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long, organisations, QSAs and ISAs have been seeking further guidance […]
By Natasja Bolton, Senior Acquirer Support QSA Back in June, Sysnet reported on SHA-1 based certificates and why support was ceasing. In that article we also examined the potential impact on ecommerce businesses. Recently, the PCI Security Standards Council (PCI SSC) has released their own guidance on SHA-1 in the form of a Frequently Asked […]
By Jason McWhirr, Information Security Consultant What is the PCI DSS Prioritised Approach? Merchants with more complex payment systems or payment processes that do not fit into the shortened SAQs (A, A-EP, B, B-IP, C & P2PE) are required to complete SAQ D or may require an on-site assessment (for merchants with larger amounts of […]
By Jason McWhirr, Information Security Consultant When it comes to processing cardholder data, many businesses these days use more than one method. Whether they are using a point of sale (POS) device or taking online payments, one thing is clear: all payment card data must be protected by implementing the security controls in […]
July 7th, 2016. The Payment Card Industry (PCI) Small Merchant Taskforce was formed by the PCI Security Standards Council (SSC) to address the needs of the small merchant market segment by providing simple guidance on protecting payment card data against theft. As a member of the PCI Small Merchant Taskforce, Natasja Bolton, Senior Acquirer […]
Following significant feedback from the global PCI community and security experts, the PCI Security Standards Council (PCI SSC) has extended the migration completion date for transitioning from SSL and TLS 1.0 to a secure version of TLS (currently v1.1 or higher) to 30 June 2018. This change gives organisations struggling to move away from […]
by Natasja Bolton, Acquirer Support Manager Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods. For many merchants […]
Though EMV chip technology (chip and PIN) has been effective in decreasing card fraud, criminals are increasingly using new methods to compromise data. From July 1st 2015, requirement 9.9 will be enforced by the Payment Card Industry Security Standards Council (PCI SSC). This requirement will ensure that merchants have controls and countermeasures in place […]
Natasja Bolton, Consulting Manager Founded in December 2004 by five major card brands (Visa, Mastercard, American Express, Discover and JCB), the Payment Card Industry Data Security Standard, or PCI DSS for short, is a compliance standard that defines data security requirements relating to the processing, storage or transmission of cardholder data. In 2006, the card […]