PCI DSS Case Study: Security Gaps in Policy & Practice
During a PCI Assessment for a global retailer, HALOCK discovered and helped resolve significant breakdowns in security policies and practices implemented at the stores.
Tag Archives: PCI DSS
Keeping Track of PCI DSS v4.0
UPDATE: New Blog on PCI DSS 4.0 Get updates on the status on PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next request for comments (RFC), and information about the RFC feedback they received.
PCI DSS v4.0 Expected Mid-2021
UPDATE: New Blog on PCI DSS 4.0 Get updates on the status on PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next RFC, and information about the RFC feedback they received. The new blog covers timing of supporting documents, transition […]
Covid-19 Does Not Exempt Compliance nor Security Obligations
While companies are consumed with the task of implementing remote work strategies in response to the COVID-19 crisis, it is critical to remember one thing: No matter how chaotic things get, Coronavirus does not exempt you from your industry or government compliancy obligations such as HIPAA, CCPA and PCI DSS. It also does not release […]
How is PCI DSS Enforced?
Unlike most regulations you may be familiar with, the PCI DSS is enforced by contract – here is a quick look at the process; learn more about how you can be PCI compliant.
A Penetration Test Case Study: Retail
How a retailer with both brick and mortar and online stores reduced overhead costs to allow re-investment into the business by validating PCI DSS compliance through penetration testing.
THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?
As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]
A Merchant’s Guide to PCI SSC Compliance – HALOCK
A Merchant’s Guide to PCI SSC Compliance By Morgan Rickel PMP, QSA If you are a merchant considering the implementation of a mobile payment acceptance solution, or if you are currently using one, the Payment Card Industry Security Standards Council (PCI SSC) has determined that one of the major risk factors in validating mobile payment […]
VERSION 3.2 OF THE PCI DSS TO BE RELEASED IN Q2, ARE YOU READY?
Payment Card Industry Security Standards Council (PCI SSC) by Viviana Wesley, PCI QSA, ISO 27001 Auditor The Payment Card Industry Security Standards Council (PCI SSC) will be releasing version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) in the second quarter of 2016 and will become effective as soon as it’s published. PCI […]
EMV (Europay, MasterCard, Visa): THE COMING SHIFT IN LIABILITY
Author: Todd Becker, PCI QSA, ISO 27001 Auditor ‘Chip and PIN’, or EMV (“Europay, MasterCard, Visa”), is an open-standard set of specifications for smart card payments and acceptance devices and is a popular topic these days with HALOCK’s PCI clients. EMV is not a PCI requirement. However, there is a ‘liability shift’ in October 2015 that […]