Blog – A Place for QSAs to Share
I’ve been a PCI QSA for many years and in the IT Security space for 15 plus years. I consider myself an expert in many areas of IT Security. However, I still come across security...
What is PCI Compliance?
What is PCI? Or better yet, what is PCI Compliance? PCI, or more commonly PCI DSS, stands for “Payment Card Industry Data Security Standard” and is a set of industry rules (There is no governmental...
American Express Adds Registration Requirement for Service Providers
American Express has recently put into place a mandatory Service Provider Registration (SPR) program. This program is very similar to the Visa and MasterCard Service Provider programs already in...
A PCI Compliance Checklist
Do you have clients that ask about a PCI Compliance Checklist? (or maybe you are looking for one). Here is basic information a small/medium merchant would need to follow to be compliant: 1st, see my...
Common ASV Vulnerability Scan Misconfigurations…Are You Guilty?
In today’s security environment, conducting accurate PCI Assessments is an important part of a company’s overall security strategy. Right or not, some companies count on their QSA auditor to find their...
How to Get Less Findings on Your Next Internal Penetration Test
…and Become More Secure
As a penetration tester I find it TOO EASY to fully compromise an internal network – without finding a single “vulnerability”! I spend most of my time on two types of...
Reducing PCI Scope, What Makes Good Network Segmentation?
What systems are in scope for PCI Compliance? If you go by the PCI DSS Requirement document, this is what they say in version 3.0 about PCI Scope. The PCI DSS security requirements apply to...
Visa Introduces Enhanced PCI DSS Enforcement Plan
Are you PCI Compliant yet? A lot of merchants and service providers are not, and you better hurry! Visa has announced that it is stepping up enforcement of PCI Compliance. With all of the high profile...
PCI Security 101
Need to get up to speed on the hot PCI Compliance topics? Interested in Chip and PIN or Mobile Payments? I thought so… The PCI SSC has produced several well-made videos that quickly cover some of the...