Tag Archives: PCI Compliance
PCI Council Releases New Guidance for Virtualization
The PCI Security Standards Council recently released new supplemental guidance (PDF) regarding PCI compliance considerations for the use of virtualization technologies.
PCI DSS Quick Reference Guide v2.0 Released
The PCI Security Standards Council has released the new PCI DSS Quick Reference Guide, updated for the new version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS).
PCI Contract Language for Service Providers
One of the topics our team of QSAs is frequently asked about is what kind of language should be in PCI Service Provider contracts to meet the intent of PCI DSS requirement 12.8.2, which is as follows:
PCI Compliance 101
I’m NOT PCI compliant, what should I do?
I’ve spoken with several people in the past few months who have come right out and said that they believed they were not compliant with the PCI and were simply unsure what to do. Their questions were basically the same: what should we do first, who should we tell, how long will this take, and the […]
PCI Level 2 Non-Compliance, Mastercard’s New Rules
I have had many questions on the topic of compliance for Level II PCI Merchants that are transitioning from a SAQ (self-assessment questionnaire) to an on-site audit with a Report on Compliance (ROC). Many are concerned with the prospect that they are non-compliant with many of the controls and want to know what they should […]
PCI Compliance Adoption Rates Continue to Rise
Visa’s latest report (updated as of June 30, 2010) on the percentage of the merchant and service provider population currently validated as PCI compliant shows that most companies have now achieved compliance with the PCI Data Security Standard (DSS).
Best Practices for Achieving PCI DSS Compliance
The Payment Card Industry Data Security Standard, or PCI DSS, provides a well-defined list of security requirements, but many organizations are left with more questions than answers when it comes to determining how best to address each requirement in a manner that will be considered acceptable for PCI compliance.
Importance of maintaining network documentation for PCI Compliance
The PCI Data Security Standard (PCI DSS) is a set of about 200 prescriptive technical and process-centric requirements intended to help organizations proactively secure credit card data. Entities that store, process or transmit credit card data, including merchants, service providers and card issuers of all sizes, are required to comply […]