Secure Payments, PCI DSS, Regulatory Compliance Blog

Archive for the ‘Service Provider’ Category

Cloud Computing and PCI - VM Image Sprawl

Thursday, January 8th, 2009 Posted in Compliance, Merchant, PCI DSS, Service Provider | 2 Comments »

Randy Bias posted a link about virtual machine (VM) image sprawl.  Just like the housing sprawl of cities, there appears to be a dramatic increase in the number of VM images being created.  This could impact regulatory issues such as ...

Society going global

Friday, December 26th, 2008 Posted in Banking, Conferences, Merchant, SPSP, Service Provider, Society of Payment Security Professionals | 1 Comment »

Even though we have already trained thousands of merchants, acquiring banks, and service providers in many countries around the world, we have not yet trained these groups in Africa - until now. The Society of Payment Security Professionals (SPSP) is both ...

Call centers with VoIP phones could expand PCI scope

Wednesday, December 3rd, 2008 Posted in Compliance, Merchant, Service Provider | 7 Comments »

I have always said I could talk for half a day on the scoping considerations of call centers.  They are complex beasts that exist for the purpose of servicing customers, which often involves either accepting or retrieving cardholder data.  I ...

Visa aligns global Service Provider levels

Thursday, November 13th, 2008 Posted in Asia-Pacific, Card Brands, Europe, Service Provider | No Comments »

Visa recently announced global PCI DSS deadlines, along with a very nuanced point of service provider alignment.  Currently, many of the Visa regions have aligned service provider levels, but not all.  For example, in Asia-Pacific the service provider levels vary ...

Visa sets global PCI DSS deadlines

Thursday, November 13th, 2008 Posted in Asia-Pacific, Card Brands, Compliance, Europe, Merchant, PCI DSS, Service Provider | 2 Comments »

Only days after Visa Asia-Pacific announced compliance deadlines within their region, Visa Inc. announced global compliance deadlines for all regions. (Thanks to Danny for pointing this out.) The deadlines apply to all Visa regions globally and appear to be a natural ...

PCI DSS version 1.2 differences and updates

Wednesday, October 1st, 2008 Posted in Approved Scanning Vendor, Compensating Controls, Compliance, Merchant, PCI DSS, PCI SSC, Service Provider, Third-Parties, Web Applications, Wireless | 11 Comments »

On October 1, 2008 the PCI SSC released version 1.2 of the PCI DSS requirements.  There are a number of changes as outlined previously in the update document.  The PCI SSC has established a life cycle process that will ensure ...

PCI DSS Requirement 6.6

Sunday, June 15th, 2008 Posted in Merchant, PCI DSS, PCI SSC, Service Provider, Web Applications | 9 Comments »

Many people know by now that PCI DSS Requirement 6.6 is going into effect (meaning you must be compliant) on June 30, 2008.  What these same people are asking is, how does this apply to me and my business?  And ...

Verify that Compensating Controls work

Tuesday, June 10th, 2008 Posted in Compensating Controls, Merchant, QSA, Service Provider | 1 Comment »

If you build a new deck in your backyard, would you test it out before inviting your friends and family over for a bar-b-que?  Well it turns out that many merchants are documenting compensating controls but not actually testing them ...

PABP Compliance Does NOT Imply PCI DSS Compliance

Sunday, December 30th, 2007 Posted in Service Provider, Third-Parties, Vendors, pa-dss | 10 Comments »

It has come to my attention that software vendors do not fully understand their responsibilities regarding Payment Application Best Practices (PABP) compliance and their customers’ PCI Data Security Standard (DSS) compliance. PABP compliance does not automatically imply PCI DSS ...

How deep do your PCI auditors need to go?

Saturday, September 15th, 2007 Posted in Merchant, QSA, Service Provider | 1 Comment »

One of the more difficult questions to answer about PCI is how to define the scope of a project. This is a topic that does not receive much conversation because it is so very specific to the actual environment. ...