Service Provider or PA-DSS?
Sunday, December 7th, 2008 | Posted in Payment Applications, pa-dss | No Comments
Chris asks, Our company doesn't do any credit card transactions whatsoever. However, some of our clients need to install our software on their back office computers. And some of those clients are worried that we aren't PCI "Certified". How do we assure them that ...
E-Commerce Startups deal with PCI compliance
Monday, November 3rd, 2008 | Posted in Compliance, Merchant, PCI DSS, Payment Applications, Third-Parties | 11 Comments
When I see someone doing something well I like to put the spotlight on it. Damon has a great blog for startups and how they can deal with security issues. You see, small companies have different needs and interests than ...
Web-Facing Applications
Tuesday, April 15th, 2008 | Posted in PCI DSS, Payment Applications | 6 Comments
So the eternal question about the difference between PCI DSS 6.5 "web application" and the 6.6 "web-facing application". The intent of 6.5 is for internally developed, Internet and intranet facing web-applications. PCI DSS 6.6 is meant for Internet-facing web-applications, and ...
PCI SSC adds PA-DSS
Tuesday, April 15th, 2008 | Posted in PCI SSC, Payment Applications, pa-dss | 3 Comments
Today the PCI SSC added a new standard to the running list of standards and documents it manages (PCI DSS, SAP, SAQ). We reported this was going to happen back in November of last year. The Payment Application Data Security ...
Trust but Verify your POS system
Thursday, February 28th, 2008 | Posted in Banking, Card Brands, Merchant, Payment Applications, pa-dss | 3 Comments
Jay from the USA asks: If our acquirer provided POS systems, do we need to make sure that the acquirer’s equipment and websites are PCI DSS compliant? I've always said that you should "Trust but Verify"! It is very common for a ...
PCI compliance and application security
Friday, February 1st, 2008 | Posted in Compliance, Payment Applications, pa-dss | 1 Comment
I really like the reminder that Mike Rothman has to say about compliance, "The sad truth is that compliance is still the engine that is running most security operations." Let's not forget that the people who complain about compliance are ...
5 Steps to Your Next (Secure) POS
Saturday, November 24th, 2007 | Posted in Credit Card Fraud, Merchant, Payment Applications, Point of Sale, pa-dss | 5 Comments
So you might have read the recent Visa (USA) timeline for migrating to more secure point-of-sale (POS) technology. Or maybe you are looking at your aging systems and wanting to take the plunge and upgrade to a sexier, ...
PCI SSC adds PA-DSS to FAQ
Wednesday, November 14th, 2007 | Posted in PCI SSC, Payment Applications, pa-dss | 2 Comments
The PCI Security Standards Council (SSC) has updated their online FAQ to include questions and answers about the newly added PA-DSS. When will the Payment Application Data Security Standard be available? The Council has distributed a preliminary version of the PA-DSS for ...
PCI SSC adopts PABP as PA-DSS
Wednesday, November 7th, 2007 | Posted in Card Brands, Merchant, PCI PIN, Payment Applications, Point of Sale, pa-dss | 4 Comments
In early September the PCI SSC added the PIN Entry Device (PED) standard to its dossier of oversight items. Then at the end of September they announced the success of the first ever Community Meeting for Participating Organizations. Now in ...
Visa Payment Application Mandates and Deadlines
Tuesday, October 30th, 2007 | Posted in Card Brands, Merchant, Payment Applications | 4 Comments
As many people have noted, Visa released their Payment Application Security Mandates last week. Visa will implement a series of mandates, beginning January 1, 2008, to eliminate the use of vulnerable payment applications from the Visa payment system. ... These mandates ...