Tag Archives: PCI Compliance

Payment Processing in a Remote Working Environment

Organizations are facing a lot of change with remote work setups – in both physical location and operational shifts. Especially challenged are businesses that manage credit card information electronically and over the phone. These new working conditions unearth new risks for sensitive data. Social distancing can also bring about more social engineering attempts. According […]

How to Find the Right QSA

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, […]

PCI Compliance – 96% of victims subject to PCI DSS had not achieved compliance

I’m going to refer to something in a previous blog post, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance. One statistic they mentioned was that 96% of victims subject to PCI DSS had not achieved compliance. What does that say? Probably would have stood a better chance had they been compliant. The PCI Data […]

Wireless Checklist for PCI Compliance

While I have typically seen merchants and service providers opt to segment their wireless network from the cardholder data environment to keep it out of PCI compliance scope entirely, sometimes this is not feasible. Here is a quick checklist of what is needed when implementing a wireless network as part of your cardholder data environment:

PCI Compliance 101

PCI Compliance 101 – We, in information security, toss around a lot of terms and acronyms. It becomes clear to me when I’m around non-security folks (like when I’m with family over the holidays) that sometimes we need to put our work into plain-speak. So, here’s how I would explain PCI to my mom.