PCI 4

PCI 4.0

The Outsourced Illusion: Why Even “Cardless” E-Commerce Merchants Now Face PCI DSS Scans
ByChad April 1, 2026April 1, 2026

The New Compliance Curveball: Scanning the “Cardless” Merchant Picture this: a small online shop, never storing or seeing a customer’s credit card number, relying entirely on a trusted payment processor. For years, these merchants, classified as SAQ A, enjoyed the lightest compliance load. No card data on their servers, no heavy security checklist. Suddenly, PCI…

Read More The Outsourced Illusion: Why Even “Cardless” E-Commerce Merchants Now Face PCI DSS Scans
ASV | vulnerability

PCI DSS Vulnerability Scans & Approved Scanning Vendors
ByChad September 25, 2025September 24, 2025

Safeguarding payment data is more critical than ever. About a year ago, the PCI Council released a blog post that explained what an ASV was and why it’s essential. It contained some valuable information, so I wanted to share it. You can find the original post here. The PCI Security Standards Council (PCI SSC) has…

Read More PCI DSS Vulnerability Scans & Approved Scanning Vendors
PCI 4.0

Digital Skimming: The Growing Threat to Businesses in the Digital Era
ByChad January 31, 2025February 11, 2025

The movement of money from physical to digital has revolutionized how we bank and shop. However, this shift has also attracted criminals, replacing traditional heists with sophisticated digital thefts. Data is as valuable as money in today’s economy, making nearly every business a potential target for digital skimming attacks. From customer lists and payroll information…

Read More Digital Skimming: The Growing Threat to Businesses in the Digital Era
PCI 4.0 | Risk Management

PCI DSS Targeted Risk Analysis (TRA): What to Know
ByChad November 11, 2024December 19, 2024

Introduction As of March 31, 2025, Targeted Risk Analysis (TRA) will become a mandatory requirement for several controls in PCI DSS v4.0.1. This requirement affects both merchants and service providers equally, marking a significant change in compliance procedures. Key Points About TRA Requirements When is TRA Required? Organizations must implement TRA if they: When is…

Read More PCI DSS Targeted Risk Analysis (TRA): What to Know
PCI

Changes to SAQs in PCI DSS v4.
ByChad October 31, 2022

With the development of PCI DSS v4 most of the changes are in the Report on Compliance (ROC) but there are also updates to the SAQ’s to align with the new standards. Here are some of the highlights and clarifications for the new SAQs. The responsibilities for merchants for which form they need to fill…

Read More Changes to SAQs in PCI DSS v4.
PCI

What’s New in PCI DSS v4.0?
ByChad March 23, 2022

The PCI Security Standards Council (PCI SSC) issued version 4.0 of the PCI Data Security Standard (PCI DSS) on March 31, 2022. The PCI DSS is a global standard that establishes a baseline of technical and operational standards for protecting account data. PCI DSS v4.0 replaces PCI DSS version 3.2.1 to address emerging threats and…

Read More What’s New in PCI DSS v4.0?
PCI

Understanding PCI Compliance
ByChad July 28, 2020

Before I begin I want to clarify one important item, only your processor(s), acquiring bank(s), and/or card brand(s) can give you a definitive answer regarding your merchant level. I originally published this article in 2020 but I have updated with the latest level information and included UnionPay. Compliance with PCI DSS is crucial for any…

Read More Understanding PCI Compliance