New PCI Guidance Issued for Call Centers
The PCI Council has published new guidance for Call Centers handling credit cards via telephone, especially when VoIP is used, and also addresses issues surrounding the storage of recorded calls.
Author Archives: HALOCK Security Labs
PCI’s Impact on Security – Quantified
A recent study by Imperva provides some interesting insights into the impact PCI Compliance is having in terms of the likelihood of a security breach.
Filling out the SAQ
I’ve heard so many variations on what it means to fill out the self-assessment questionnaire (SAQ) that I wanted to provide some clarification. First off, filling out the SAQ (regardless of which type) does NOT make you PCI compliant. You check boxes on the SAQ and that actually means something. It means that you are […]
Yes, you have to actually BE compliant
What IS a QSA?
QSA stands for Qualified Security Assessor, and they are certified by the PCI Security Standards Council. QSAs are tasked with providing guidance and validation to the DSS. QSAs are special in that they have been certified for their knowledge and ability to advise on the PCI DSS specifically. There are roughly 800 QSA individuals in North America […]
Information Security Management System
Information Security Management System. You can undergo a point in time audit or assessment and be compliant, but what happens a week later when patches have gone un-applied? Out of compliance again.
I’m NOT PCI compliant, what should I do?
I’ve spoken with several people in the past few months that have come right out and said that they believed they were not compliant with the PCI and were simply unsure what to do. Their questions were basically the same; what should we do first, who should we tell, how long will this take, and the […]
Tips for PCI DSS Compliance – Compliance is Important, but So Is Security
The folks at processor.com have published an article with some helpful insights and suggestions for companies working on achieving or maintaining PCI DSS compliance.
PCI DSS 11.2 and 11.3
A quick note about PCI DSS compliance and scanning vs. penetration testing and PCI DSS 11.2 and 11.3. Often (too often) when I’m talking with organizations about their PCI compliance, they respond that they’re already compliant and they already have someone doing their quarterly scanning for them. That’s great, I say! Then I ask about […]
PCI DSS v2.0 – Summary of Changes
PCI DSS v2.0 has been released. So what now? Summary of Changes: