Tag Archives: QSA

How To Find The Right QSA

If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated.  The stakes have never been higher for large organizations that process payments.  With major data breaches constantly in the headlines like Target, Home Depot, JP Morgan Chase and countless […]

PCI and Third Party Security Assurance: The PCI Council’s Guidance Summarized

Author: Viviana Wesley, PCI QSA

Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal […]

PCI Council Changes the Rules for PA-DSS Minor Changes

The PCI Council recently released version 2.0 of the PA-DSS Program Guide, available here, which includes a significant change with regard to the definition of a “minor change” and what it means to Payment Application Vendors. Certain types of changes that would have previously required a complete revalidation of the payment application can now be addressed […]

Reducing the Scope for PCI Compliance

The PCI DSS is comprised of over 200 specific requirements, including technical, administrative and policy controls; for this reason, the first consideration when approaching PCI compliance is determining exactly which parts of the environment have to be included within the PCI compliance scope and which do not, based upon the scoping rules provided by the […]