New PCI SSC Scoping & Segmentation Guidance: what does it mean?
Blog, Fact Sheets, Uncategorized, Whitepapers

By Natasja Bolton, Senior Acquirer Support QSA

Since the earliest iterations of the PCI DSS, the standard has included the requirement for scoping and has referenced network segmentation as a method of reducing the scope, cost and difficulty of a PCI DSS assessment. For just as long, organisations, QSAs and ISAs have been seeking further guidance […]

Articles

In conversation with the PCI Security Standards Council – Adopting PCI DSS 3.2, multi-factor authentication

Laura Johnson, Director of Communications, PCI Security Standards Council, interviews Sysnet’s James Devoy about his perspective on the new version of the PCI DSS. This article was first published on the PCI Security Council website, June 1st, 2016.

By Laura Johnson, Director of Communications, PCI Security Standards Council

Following publication of PCI Data […]

Articles

Ask a QSA

‘Ask a QSA’ has received the below question that we feel will resonate with some of our clients. Seasoned QSA Natasja Bolton stepped up to the challenge.

One of our merchants has provided their Attestation of Compliance (AOC) as a Service Provider, can we accept that AOC as covering their merchant compliance too? […]

Ask a QSA
Articles

Ask a QSA

‘Ask a QSA’ has received a number of queries recently; the below question is somewhat unusual but is something that will resonate with some of our clients. Seasoned QSA Natasja Bolton stepped up to the challenge.

Do acquirers need to be listed as a service provider in Part 2f of the SAQ or included […]

Articles

Ask a QSA

‘Ask a QSA’ received a number of queries recently; however, the below question is something that we believe will resonate with quite a few of our clients. Seasoned QSA Natasja Bolton stepped up to the challenge.

Does Payment Application Data Security Standard (PA-DSS) apply to payment applications provided as ‘Software as a Service’?

Natasja […]

Blog, Risk & Assurance

Choosing the Right QSA

By James Devoy, CISO & Global Head of Consulting

A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit organisations for the Payment Card Industry Data Security Standard. If you need QSA services, it is very important that you choose the right one for you. They should understand your […]