Organizations are facing a lot of change with remote work setups – in both physical location and operational shifts. Especially challenged are businesses that manage credit card information electronically and over the phone. These new working conditions unearth new risks for sensitive data. Social distancing can also bring about more social engineering attempts. According […]
Author: Todd Becker, PCI QSA, ISO 27001 Auditor
If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, […]
Author: Viviana Wesley, PCI QSA
The Payment Card Industry Data Security Standard (PCI DSS) version 3.1 was released today, outlining a number of important changes.
I’m going to refer to another item from a previous blog, the one about Verizon’s 2012 Data Breach Report regarding PCI Compliance. One statistic they mentioned was that 96% of victims subject to PCI DSS had not achieved compliance. What does that say? They probably would have stood a better chance had they been compliant. The PCI Data […]
We all know Windows Active Directory is a great solution to centrally manage users and computers.
PCI Compliance has been around for a while now. It’s funny to me to see QSAs now offering special pricing to provide services to Level 2 Merchants. Their packaged pricing includes fixed fee services to assist Level 2 Merchants in getting validated.
While I have typically seen merchants and service providers opt to segment their wireless network from the cardholder data environment to keep it out of PCI compliance scope entirely, sometimes this is not feasible. Here is a quick checklist of what is needed when implementing a wireless network as part of your cardholder data environment:
PCI Compliance 101 – We, in information security, toss around a lot of terms and acronyms. It becomes clear to me when I’m around non-security folks (like when I’m with family over the holidays) that sometimes we need to put our work into plain-speak. So, here’s how I would explain PCI to my mom.