category:

PCI DSS

Article

New PCI SSC Guidance on Software-based PIN Entry on COTS

The PCI SSC released new guidance regarding software-based PIN entry on commercial off-the-shelf (COTS) devices on January 24, 2018.

PCI DSS
Read More about the New PCI SSC Guidance on Software-based PIN Entry on COTS
Article

Securing E-commerce Payment Pages

Generally speaking, the safest option for e-commerce is to use a fully outsourced, PCI-compliant, third- party payment provider whose primary purpose is to securely process payment card transactions.

Third-Party Service Providers
Read More about the Securing E-commerce Payment Pages
Article

Segmentation: Recommended by 5 out of 5 QSAs

While segmentation is not a requirement of the PCI DSS, it is generally accepted as the most effective way to separate those identified in-scope systems from those that need not be involved when adhering to PCI DSS requirements.

PCI DSS
Read More about the Segmentation: Recommended by 5 out of 5 QSAs
Article

File Integrity Monitoring

File integrity monitoring (FIM) is a security control that involves examining files to identify modification to critical system files and the who, when, and how the changes were made. Organizations will often utilize FIM to monitor files for suspicious activities or modifications, and for detecting malware.

Cybersecurity
Read More about the File Integrity Monitoring
Article

Requirement 2: Changing Vendor Defaults

Before any systems (e.g., operating systems, software, applications, point of sale terminals, etc.) are installed within your organization’s network, ensure the default passwords have been changed.

PCI DSS
Read More about the Requirement 2: Changing Vendor Defaults
Article

Information Disposal: Securely Deleting Data

Once stored data is no longer needed, the PCI DSS includes specific requirements for disposing of cardholder data whether stored on paper or electronic media.

PCI DSS
Read More about the Information Disposal: Securely Deleting Data
Article

PCI DSS Version 3.2 – Are You Meeting All New Requirements?

Version 3.2 of the PCI DSS was released in April 2016 with several updates intended to better protect organizations from data breaches and help clarify some previous points of confusion within the standard.

PCI DSS
Read More about the PCI DSS Version 3.2 – Are You Meeting All New Requirements?
Article

PCI Acronym Reference Guide

To help you understand the lingo behind compliance, here are some of the most common terms you might hear in reference to PCI and what exactly they are referring to.

PCI DSS
Read More about the PCI Acronym Reference Guide
Article

Life After P2PE

You have made the decision to deploy a PCI-listed Point-to-Point Encryption (P2PE) solution on campus. No more worrying about PCI compliance, right? Wrong.

PCI DSS
Read More about the Life After P2PE