On the 17th May 2018, the PCI SSC published the latest version of the PCI Data Security Standard: the PCI DSS v3.2.1. In this article we look at the changes that have been included in the updated Standard. These are also discussed in the PCI SSC’s summary of changes document. A new standard? This […]
By Sam Pfanstiel, QSA, QSA(P2PE), QPA, PA-QSA, SSF, SSA, SSLCA Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our m-commerce channel?” It’s a good question. Recent research has shown […]
By Francis Kyereh, Information Security Consultant Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organisations accepting or processing payment transactions. The PCI DSS Version 3.2, containing nine new requirements […]
By Natasja Bolton, Senior Acquirer Support QSA Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]
By Natasja Bolton, Senior Acquirer Support QSA In our previous articles on the progress of the EMV deployment in the U.S. we noted that EMV was expected to drive criminals away from Card Present counterfeit card fraud to Card Not Present (CNP) fraud. CNP fraud has indeed proliferated in the U.S. since the […]
Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016. By Laura Johnson, Director of Communications, PCI Security Standards Council Following publication of PCI Data […]
‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too? […]
‘Ask a QSA’ has received a number of queries recently, the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]
‘Ask a QSA’ received a number of queries recently, however the below question is something that we believe will resonate with quite a few of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge. Does Payment Application Data Security Standard (PA-DSS) apply to payment applications provided as ‘Software as a Service’? […]
By Jeff Montgomery, Principal Information Security Consultant On the 13th of February, the PCI Standards Security Council (SSC) released an official statement confirming the impending release of a new version of the PCI DSS and PA DSS. They also released a follow up statement on the 25th of March. What we know As the […]
By James Devoy, CISO & Global Head of Consulting A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit organisations for the Payment Card Industry Data Security Standard. If you need QSA services, it is very important that you choose the right one for you. They should understand […]
