iPhone PA-DSS applications
Monday, January 12th, 2009 Posted in pa-dss | 1 Comment
It was only a matter of time before someone wrote a credit card virtual terminal application for the iPhone. It requires you to have a Merchant ID and processes transactions through Authorize.net. You simply enter the PAN, expiration date, amount, ...
Service Provider or PA-DSS?
Sunday, December 7th, 2008 Posted in Payment Applications, pa-dss | No Comments
Chris asks, Our company doesn't do any credit card transactions whatsoever. However, some of our clients need to install our software on their back office computers. And some of those clients are worried that we aren't PCI "Certified". How do we assure them that ...
Definitions, Roles and Responsibilities of PCI
Sunday, June 29th, 2008 Posted in Approved Scanning Vendor, Card Brands, Merchant, PCI DSS, PCI PIN, PCI SSC, QSA, pa-dss | 1 Comment
In the payments industry there exists the PCI guidelines. When we refer to PCI we are usually talking about the PCI DSS, although as anyone will tell you there is also the PCI PED, PCI PA-DSS, and others you should ...
PCI Council Hosting Webinar on PA-DSS
Wednesday, May 7th, 2008 Posted in Conferences, PCI SSC, pa-dss | No Comments
Today the PCI SSC (Council) announced it will host a webinar titled "Understanding the Payment Application Data Security Standard" on Thursday May 22, 2008 at 11:30 a.m. EDT and a second session the same day at 7:30 p.m. EDT. The event ...
PCI SSC adds PA-DSS
Tuesday, April 15th, 2008 Posted in PCI SSC, Payment Applications, pa-dss | 3 Comments
Today the PCI SSC added a new standard to the running list of standards and documents it manages (PCI DSS, SAP, SAQ). We reported this was going to happen back in November of last year. The Payment Application Data Security ...
Trust but Verify your POS system
Thursday, February 28th, 2008 Posted in Banking, Card Brands, Merchant, Payment Applications, pa-dss | 3 Comments
Jay from the USA asks: If our acquirer provided POS systems, do we need to make sure that the acquirer’s equipment and websites are PCI DSS compliant? I've always said that you should "Trust but Verify"! It is very common for a ...
PCI compliance and application security
Friday, February 1st, 2008 Posted in Compliance, Payment Applications, pa-dss | 1 Comment
I really like the reminder that Mike Rothman has to say about compliance, "The sad truth is that compliance is still the engine that is running most security operations." Let's not forget that the people who complain about compliance are ...
PABP Compliance Does NOT Imply PCI DSS Compliance
Sunday, December 30th, 2007 Posted in Service Provider, Third-Parties, Vendors, pa-dss | 10 Comments
It has come to my attention that software vendors do not fully understand their responsibilities regarding Payment Application Best Practices (PABP) compliance and their customers’ PCI Data Security Standard (DSS) compliance. PABP compliance does not automatically imply PCI DSS ...
5 Steps to Your Next (Secure) POS
Saturday, November 24th, 2007 Posted in Credit Card Fraud, Merchant, Payment Applications, Point of Sale, pa-dss | 5 Comments
So you might have read the recent Visa (USA) timeline for migrating to more secure point-of-sale (POS) technology. Or maybe you are looking at your aging systems and wanting to take the plunge and upgrade to a sexier, ...
PCI SSC adds PA-DSS to FAQ
Wednesday, November 14th, 2007 Posted in PCI SSC, Payment Applications, pa-dss | 2 Comments
The PCI Security Standards Council (SSC) has updated their online FAQ to include questions and answers about the newly added PA-DSS. When will the Payment Application Data Security Standard be available? The Council has distributed a preliminary version of the PA-DSS for ...