Q&A With a QSA

March is upon us and so is the looming PCI DSS 4.0 compliance deadline. In just a few short weeks, the previous PCI Data Security Standard (version 3.2.1) will be officially retired and a multitude of new requirements of PCI DSS 4.0 will need to be implemented. Do you have questions regarding the transition to…

ROC Revolution: Navigating the Impact of PCI DSS 4.0 on Reporting Efficiency and the Price of Customization

This blog post was written by a friend and former co-worker you may know as the PCI Guru. He discusses a notable change in the Payment Card Industry Data Security Standard (PCI DSS) Report On Compliance (ROC) Reporting Template, specifically in version 4.0. He highlights a shift in the template’s language, emphasizing the need for…

Can SAQ eligibility criteria be used for determining the applicability of PCI DSS requirements for assessments documented in a Report on Compliance?

Reposted from PCI Website. Service providers cannot use SAQ eligibility criteria to determine the applicability of PCI DSS requirements for assessments documented in a Report on Compliance. The only acceptable SAQ for service providers is SAQ D for Service Providers. All other SAQs are intended for merchant use only. Merchants with environments that fully meet all…

PCI ASV Program

This article is meant to call out some items about the ASV program that some companies or people might not understand. Most of the content is taken directly from the program guide, which can be found on the PCI Council’s website. This is in no way a full description of the program guide or a…

What’s New in PCI DSS v4.0?

The PCI Security Standards Council (PCI SSC) issued version 4.0 of the PCI Data Security Standard (PCI DSS) on March 31, 2022. The PCI DSS is a global standard that establishes a baseline of technical and operational standards for protecting account data. PCI DSS v4.0 replaces PCI DSS version 3.2.1 to address emerging threats and…

Understanding PCI Compliance

Before I begin, I want to clarify one important item: only your processor(s), acquiring bank(s), and/or card brand(s) can give you a definitive answer regarding your merchant level. I originally published this article in 2020, but I have updated it with the latest level information and included UnionPay. Compliance with PCI DSS is crucial for any…

PCI Council revokes company’s QSA status

Merchants that use Scottsdale, Ariz.-based security services provider Chief Security Officers (CSO) to validate their adherence with the Payment Card Industry Data Security Standard (PCI DSS) will have to find a new assessor. The PCI Security Standards Council, the group responsible for managing payment security, last week revoked CSO’s status as a Qualified Security Assessor…