Merchant and a Service Provider? Can it be?
Thursday, August 30th, 2007 Posted in Compliance, Merchant, Service Provider | 4 Comments
With PCI, companies are classified into different categories. A company may be a merchant, service provider, acquirer, issuer, etc. Most banks understand their compliance obligation, but the remaining categories of merchant and service provider are looking for guidance ...
Where did the operating system go? Security as a service
Monday, July 2nd, 2007 Posted in Approved Scanning Vendor, PCI DSS, Service Provider, Vendors | 1 Comment
A few weeks back I was invited to the Qualys annual conference in San Francisco. Their theme was Software as a Service (SaaS). No sooner had I returned than CIO Magazine has Software as a Service as their ...
Does The Right Hand Know What the Left Hand Is Doing?
Friday, June 8th, 2007 Posted in Card Brands, Encryption, Merchant, PCI DSS, Point of Sale, Service Provider, Third-Parties | 3 Comments
According to Digital Transaction News, Visa USA is ready to introduce account-level processing (ALP). “Visa claims ALP will allow smoother transitions to new cards for cardholders, and will let merchants, in partnership with issuers, design more effective rewards programs.” Sounds good ...
Preparing for PCI
Tuesday, March 20th, 2007 Posted in Compliance, Merchant, PCI DSS, Service Provider | 4 Comments
Many companies have been PCI DSS compliant for a few years. I get reports from people saying year 3 is much easier than their first time around. Others are just dipping their feet into the waters of PCI ...
The “multiples” of not complying
Friday, March 2nd, 2007 Posted in Card Brands, Credit Card Fraud, Merchant, PCI DSS, PCI PIN, Service Provider | 6 Comments
I had an IM chat this morning with Martin McKeay asking why everyone feels there are no teeth to PCI compliance. I worked with him on such a project and wanted his feedback. It seems everyone feels there ...
Ukrainian service provider gets PCI compliant
Wednesday, February 28th, 2007 Posted in Compliance, Service Provider | No Comments
Although the Ukraine has not yet been accepted into the EU, they do have a PCI compliant Level 1 service provider. (Certificate of Compliance) TechnoPark Corp. is the first Ukrainian IT company to make the product which has got the certificate ...
The Gestalt of PCI
Wednesday, February 21st, 2007 Posted in Banking, Card Brands, Compliance, Credit Card Fraud, Government, Merchant, PCI DSS, Service Provider | 7 Comments
Michael Farnum wrote on "Here's why PCI DSS exists" and his analysis is correct but needs some clarification. He writes in response to a Boston Globe article on the Stop & Shop credit card compromise. The debate is ...
Management and Hosting Company
Thursday, February 15th, 2007 Posted in Card Brands, Compliance, Service Provider | 7 Comments
Tom writes in to ask: I work for a hosting and network management company and we have a prospect that is PCI compliant. As such they need for us to be PCI compliant. As we are not transacting directly ...
PCI 30-second Elevator Pitch
Wednesday, February 7th, 2007 Posted in Merchant, Service Provider | 4 Comments
Martin McKeay asks: Does anyone have a good 30-second explanation of PCI? In other words, if you have a couple minutes in the elevator with the CFO of your company, how do you describe PCI and get him wanting ...
Non-Compliance Fees Growing
Tuesday, February 6th, 2007 Posted in Card Brands, Compliance, Merchant, Service Provider | 3 Comments
Many of you have read about the non-compliance fees that will be levied starting March 31, 2007 and September 30, 2007. What you may not have known is that the non-compliance fees for storage of sensitive authorization data actually ...