The simplest form of PCI compliance is a self-assessment, and most companies qualify. The simplest form of a self-assessment is a SAQ-A or -A-EP. This assessment form is for merchants that do not collect or store payment card information and outsource the payment process pretty much completely. If you capture the card info […]
The Payment Card Industry (PCI) council is an industry group that includes the large credit card issuers, and they have, for years, owned a standard called the PCI Data Security Standard or PCI DSS. While complying with it is not required by law (except in a couple of states), complying with it is a contractual requirement […]
Way back in the dark ages of 2013, the PCI Security Standards Council (PCI SSC) released a document regarding processing credit cards in the cloud. It was 52 pages. This month the PCI SSC released a new version of that same document. It is now 83 pages. This version seems to better understand the risk […]
Dark Reading reported on Verizon’s PCI compliance assessment and I think the numbers are interesting, but not terribly unexpected (see article). The actual report, all 84 pages, is available here. Most of the time (maybe always), when a business has an assessment done by a third party assessor, that company will do an interim assessment […]
An article in VentureBeat the other day suggested 7 reasons why we are going to continue to see credit card breaches at retailers. First I will share their list, then I will add my own. Their list includes: the PCI standard is failing to protect merchants from breaches; merchants are not implementing P2PE; retailers introduce […]