Ask A QSA – Mobile attack rates, how can your business customers better secure their mcommerce channel?
Articles, Blog

Ask A QSA – Mobile attack rates, how can your business customers better secure their mcommerce channel?

By Judith Clark, QSA Consultant Ask a QSA recently received the following query from an acquirer and we felt that this may be of interest to our readers. Merchants had been asking their acquirer “how can we better secure our mcommerce channel?”   It’s a good question. Recent research has shown that mobile attack rates […]

0 Shares
The PCI DSS v3.2 requirements that become effective from February 2018
Blog, Uncategorized

The PCI DSS v3.2 requirements that become effective from February 2018

By Francis Kyereh, Information Security Consultant Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards. These set the technical and operational requirements for organisations accepting or processing payment transactions. The PCI DSS Version 3.2, containing nine new requirements […]

0 Shares
New PCI SSC Scoping & Segmentation Guidance: what does it mean?
Blog, Fact Sheets, Uncategorized, Whitepapers

New PCI SSC Scoping & Segmentation Guidance: what does it mean?

By Natasja Bolton, Senior Acquirer Support QSA   Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long organisations, QSAs and ISAs have been seeking further guidance […]

0 Shares
Articles

In conversation with the PCI Security Standards Council – Adopting PCI DSS 3.2, multi-factor authentication

Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016.   By Laura Johnson, Director of Communications, PCI Security Standards Council   Following publication of PCI Data […]

0 Shares
Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too?   […]

0 Shares
Ask a QSA
Articles

Ask a QSA

‘Ask a QSA’ has received a number of queries recently, the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]

0 Shares
Articles

Ask a QSA

‘Ask a QSA’ received a number of queries recently, however the below question is something that we believe will resonate with quite a few of our clients. Seasoned QSA, Natasja Bolton stepped up to the challenge.   Does Payment Application Data Security Standard (PA-DSS) apply to payment applications provided as ‘Software as a Service’?    […]

0 Shares