Unpacking the New PCI DSS v4.x Password Standards
By Jason Maiden, CISSP, PMP, PCI QSA, ISO 27001 Lead Auditor – Managing Consultant
The Payment Card Industry Data Security Standard (PCI DSS) v4.x introduced several new and enhanced security requirements, many of which became effective on March 31, 2024. However, the clock is ticking on additional future-dated requirements set to take effect on March 31, 2025. Among these, a significant portion pertains to (more…)
Countdown to Compliance: DMARC and PCI DSS v4.0
PCI DSS v4.0 2025
We are currently four months away from March 31, 2025, the compliance deadline for the Payment Card Industry Data Security Standard (PCI DSS) v4.0 best practice requirements. After that date, all organizations must comply with the 51 new PCI DSS v4.0 requirements that have been considered best practices since 2024. One of the updates (more…)
Q&A with our QSA
The right Qualified Security Assessor (QSA) is crucial to the success of your organization’s security and compliance. HALOCK is fortunate to have a stellar team to support our clients. We are happy to highlight one of our key leaders on PCI, Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM. Get to know her with our quick Q&A:
(more…)
PCI SSC Resource Guide: Vulnerability Scans and Approved Scanning Vendors
The PCI Security Standards Council (PCI SSC) has published a Resource Guide: Vulnerability Scans and Approved Scanning Vendors
What is a Vulnerability Scan?
A process for identifying security weaknesses and flaws in systems and software. New vulnerabilities, security holes, and bugs are being discovered daily. Test your systems regularly to identify weaknesses and address them as soon as possible.
What is an Approved Scanning Vendor (more…)
Clarification on eCommerce Outsourcing PCI DSS requirements 6.4.3 and 11.6.1
By Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM
Principal Consultant, Governance, Compliance and Engineering Services
Did you see that version 4.0.1 of the PCI DSS was recently published?
Within the updated document you will notice that requirements 6.4.3 and 11.6.1 have a new applicability note:
6.4.3 – “This requirement also applies to scripts in the (more…)
PCI SSC North America Community Meeting and Reducing PCI Scope
The PCI SSC North America Community Meetings bring together the brightest minds in payment security. This year’s event took place in Boston, MA on September 10-12. The theme was ‘Shaping the Future of Payment Security’.
With the release of PCI DSS v4.0, and changing purchase environments, professionals are keen to understand best practices – especially in the area of reducing PCI scope. Toast, Target, and HALOCK (more…)
Guidance Related to PCI Compliance Scope for eCommerce Outsourcing
What is in Scope for eCommerce Outsourcing?
by Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM
When an organization outsources their eCommerce environment to a third-party service provider (TPSP), the integration method used has a drastic impact on that organization’s PCI DSS compliance scope and applicable PCI DSS requirements. However, this was (more…)
SAQ A Merchants Have New PCI Responsibilities on April 1
It is easy for time to get away from you, especially when it comes to transitioning to new compliance standards and their respective deadlines. On March 31, 2024, the era of PCI DSS v3.2.1 comes to an end, ushering in the implementation of v4.0 beginning April (more…)
Are Your PCI DSS v4.0 Roles and Responsibilities Ready for the April 1 Deadline?
Organizations subject to Payment Card Industry Data Security Standard (PCI DSS) oversight face a critical upcoming deadline. April 1, 2024, serves as a significant benchmark in the shift towards (more…)