The compliance illusion: Why your company might be at risk despite passing audits

For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity. The challenge? Many organ…

Do TLS interceptors that use root certificates to inspect traffic need to worry about PCI? [closed]

Many schools and workplaces require people using their internet to first install a root certificate, so that web traffic passing through their system can be decrypted and checked.
If someone makes an online purchase while connected to thei…

Does PCI/DSS allow storing the cardholder’s name a person entered (and not the real one)

I have an app where a person enters their card number, the cardholder’s name, the expiration date and the CVV. I am now making it PCI DSS-compliant. I will store the card number in an encrypted way. Can I store the cardholder’s name the pe…

Complying with PCI DSS requirements by 2025

Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS), which came into effect back in April, incorporates a few important changes to make it fit for the modern digital world, addressing how technologies, the threat landscape and p…

Would a domain registrar be considered a Service Provider for PCI compliance if it never touches its customer’s card holder data?

Hypothetical:

Company A accepts credit card payments and must be PCI compliant.
Company B provides domain registration (but not DNS or web hosting) services to Company A.
Some of these domains are used by Company A to accept credit card d…

How do payment facilitators like Stripe handle the PCI DSS requirement to periodically inspect POI devices?

Payment facilitators like Stripe provide card payment terminals to their customers. These devices must be periodically inspected, per requirement 9.5.1.2. How does the payment facilitator handle this, given that they don’t have physical ac…