When undertaking any kind of PCI DSS assessment, whether it is a formal assessment or self-assessment questionnaire (SAQ), the most important thing is ensuring that the scope is correct. Without an understanding of the scope, systems may be overlooked and/or insufficient security controls applied. This may lead to a risk of data breach. Conversely, […]
In May last year, in advance of the introduction of the PCI DSS v3.2 SAQs (Self-Assessment Questionnaires), we created a downloadable fact sheet to explain in detail the impact of the updated Standard on the SAQ types.
With its expanded content, fully revised diagrams of the e-commerce implementation methods and inclusion of case studies, the 2017 guidance is a useful reference for merchants and service providers alike.
Let us first summarise the applicability and intent of SAQ A. This self-assessment questionnaire is applicable to entities that outsource their e-Commerce payment channel payment processing to a PCI DSS compliant third party.
By Jason McWhirr, Information Security Consultant. What is the PCI DSS Prioritised Approach? Merchants with more complex payment systems or payment processes that do not fit into the shortened SAQs (A, A-EP, B, B-IP, C & P2PE) are required to complete SAQ D or may require an on-site assessment (for merchants with larger amounts of […]
By Natasja Bolton, Senior Acquirer Support QSA. In order to help your merchant businesses with the definition and documentation of their Incident Response Plan, Sysnet has created a template document – Download the Security Incident Response Plan Template. All merchants self-assessing their Payment Card Industry Data Security Standard (PCI DSS) compliance now need […]
In a previous article we provided a quick guide to PCI DSS v3.2 to assist you with navigating the updated standard; if you haven’t read it yet, we encourage you to do so. In this follow-up article, we examine the impacts that v3.2 brings to the various SAQ types. The impact on […]
By Natasja Bolton, Acquirer Support Manager. Most small and medium-sized merchants rely on an online compliance portal, such as our Sysnet.air solution, to determine the appropriate SAQ for their PCI DSS self-assessment. SAQ determination is based on the merchant’s completion of a series of questions on their payment channels and payment processing methods. For many merchants […]
By Jason McWhirr, Acquirer Support Consultant. Back in June, the PCI Security Standards Council (PCI SSC) released version 2.0 of the Point to Point Encryption (P2PE) standard. What is P2PE? A P2PE system in a retail environment is designed to securely encrypt cardholder data from a merchant’s POI (Point of Interaction) device or POS […]
Common PCI DSS challenges and how they are resolved, by Graham O’Brien, Team Manager, North American Customer Support
Many acquiring organisations find it challenging to get their small and medium-sized merchants to engage with their PCI DSS compliance programmes. The main reason for this is that the PCI DSS validation process can be quite daunting for business owners who are consumed with the day-to-day running of their business but have not […]
Feb 11th, 2015, Dublin, Ireland / Atlanta, Georgia – Sysnet Global Solutions today announced that since January 1st 2015 and following the upgrade of the vast majority of its clients to ComplianceMaker 3.0, almost 40,000 merchants have successfully certified against PCI DSS v3.0. Of these 40,000 merchants, almost 7,000 have certified to newly introduced SAQ […]