pci

31 posts tagged with “pci”

The ENTITY (a scary PCI monster)

31-Oct-2019

If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about…

Control Gap at Vancouver PCI Community Meeting

03-Sep-2019

Control Gap is excited to announce that we will be exhibiting at this year’s @PCISecurityStandardsCouncil Community Meeting on September 1…

What's the minimum I need to do for PCI?

18-Jul-2019

As we complete the 3rd hour of the meeting discussing PCI scope, the customer turns to me and asks, “So what’s the minimum that I need to do…

NIST Update to Format Preserving Encryption Standard affects PCI Use Cases

21-Mar-2019

Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev…

PCI SPoC (PIN on COTS) - Grand Experiment in Mobile Payments

28-Jan-2019

Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC…

PCI DSS v3.2.1 - What You Need to Know to Stay PCI Compliant

07-Nov-2018

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…

PCI DSS May Require Pulling Up Your SOX (or ISO)

22-Feb-2018

Executives and managers in organizations preparing for their first onsite PCI security assessment may feel confident that having passed a…

17 Predictions About the Next Version of PCI DSS

10-Jan-2018

PCI DSS v3.2 is due for an update this year - but what will that look like? In this article, we peer into our crystal ball to make some…

Understanding "Connected-to" - Is The Internet In Scope For PCI DSS?

07-Dec-2017

PCI DSS is all about scope. Getting scope right or wrong is perhaps the single most critical factor determining the ultimate success or…

Understanding P2PE, NESA, E2EE, and PCI Compliance

27-Jun-2017

Compliance simplification, what most people call “scope reduction”, can have huge benefits in terms of saving time, effort, headaches, and…

PCI Compliance and the Intel AMT Vulnerability

15-May-2017

On May 1st a critical new and possibly unprecedented vulnerability was announced. The flaw in Intel's Active Management Technology (AMT…

8-digit BIN Issues and Risks Remain after PCI Truncation Rules Clarified

10-May-2017

Last month we wrote this article about issues arising from the addition of new BIN ranges and the lack of clear guidance specifically with…

3 Ways 8-Digit BIN Ranges May Impact PCI Compliance

11-Apr-2017

New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to…

What The CIA WikiLeaks Dump Has In Common With PCI Compliance

14-Mar-2017

In recent news, WikiLeaks exposed a huge trove of CIA documents. Journalists and bloggers will of course have a field day with this and the…

What Is The Difference Between Masking And Truncation In PCI Compliance?

17-Jan-2017

Masking and truncation of cardholder data may seem the same on the surface (e.g. 423456XXXXXX7890); however, each implies different…

What Is Cardholder Data In PCI Compliance?

16-Jan-2017

Cardholder data, aka CHD, comes from credit, debit, and prepaid cards bearing the logo of one of the PCI founding card brands. CHD includes…

Call Centers and PCI Compliance: Things You Need to Know

15-Dec-2016

Call centers can be challenging places. They range from small and simple to large and complex. For many businesses they are a place where…

4 FAQs The PCI Security Standards Council Renamed in 2016

02-Dec-2016

Anyone who relies on the PCI FAQ site for guidance may have noticed some changes in the last few months. In fact if you bookmarked some of…

PCI Announces NESA - A Stepping Stone To P2PE

29-Nov-2016

Earlier this month the PCI Security Standards Council published a new document as part of the Point-to-Point Encryption (P2PE) program. This…

PCI Compliance Footprints: 7 Ways To Simplify Compliance, Reduce Risk And Save Money

22-Nov-2016

While you may have heard of carbon footprints and ecological footprints, you might not be aware that there is such thing as a PCI Compliance…

3 Risks of Ignoring PCI Compliance

15-Nov-2016

With more than 510 million records containing sensitive information breached since January 2005, statistics indicate that cardholder data…

12 Tips To Avoid Credit Card Data Breaches

01-Nov-2016

PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data. Traditionally, ill-intentioned criminals have targeted banking…

PCI Compliance & Why You Need to be Compliant

27-Sep-2016

Getting paid is just as important as PCI compliance. Businesses of all sizes rely on cash flow to effectively manage business operations. To…

How Microsoft Support Expiry can Affect Your PCI Compliance

26-Jul-2016

Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft…

PCI Under The Microscope

28-Jun-2016

The PCI Council has testified before Congress about standards and breaches in both 2014 and 2009 (links are to Google Searches). This year…

PCI DSS v3.2 - What You Need to Know to Stay PCI Compliant

08-Jun-2016

To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and…

PCI DSS V3.2 Is Almost Here!

06-Apr-2016

The PCI Security Standards Council confirmed last week that the updated version of PCI DSS (v3.2) will be released at the end of April 201…

Just like spring - a new version of PCI DSS will come early this year!

26-Feb-2016

Last week the PCI Standards Council commented on the upcoming DSS 3.2 update and what it means for the rest of 2016. Ever since the sunset…

PCI DSS Version 3.1 Has Arrived

15-Apr-2015

The PCI Security Standards Council today published the expected update to PCI releasing these documents including some specific migration…

PCI Security Standards Council set to kill off SSL in PCI DSS/PA-DSS 3.1 updates

10-Mar-2015

The PCI council has released an announcement that they are preparing an updated version of the PCI DSS (v3.1) and PA-DSS (v3.1), where they…

Analysis of PCI DSS 3.0

01-Oct-2014

PCI DSS 3.0 was released Nov 2013. There are new and changed requirements with a more organized look. Check out our in-depth analysis and…
