PCI DSS

PCI DSS v3.2 and the Penetration Testing Requirements for Service Providers

Penetration-test-PCI

In April 2016, the Payment Card Industry Security Standards Council (PCI SSC) released PCI Data Security Standard (PCI DSS) version 3.2.  With the updates came clarification to requirements, additional guidance, and the additional seven new requirements.

Read More

PCI DSS: Updated Penetration Testing Requirements – Frequently Asked Questions

pci-dss

Is your organization prepared for the upcoming PCI DSS requirement going into effect? To prepare your organization for this change, our team has assembled an FAQ to address any of your potential questions. Read now: What to Expect from PCI DSS 3.2 What is the new penetration testing requirement? Requirement 11.3.4.1 requires that organization perform […]

Read More

Outline of Guidance for PCI DSS Scoping and Network Segmentation

In order to clarify scoping and network segmentation principles in PCI DSS, the PCI SSC has released additional guidance in order to help organizations identify what systems are considered in scope for PCI DSS assessments. This guidance was developed by industry experts and the PCI SSC Board of Advisors in order to assist organizations in […]

Read More

3 Security Trends that will Continue in 2017

With the ushering in of another new year, I find myself acting nostalgic, wondering where the previous year went and of course pondering the year ahead. Here are three security and commerce trends which will continue in 2017. Healthcare Data Breach According to the Privacy Rights Clearinghouse, healthcare data breaches in 2016 comprised of 290 […]

Read More

Visa Global Registry of Service Providers: Are you on the list?

compliance-trek

Visa has released new tools and changes, which add value to service providers who store, process, or transmit cardholder data on behalf of merchants or other entities. For years, Visa has offered service providers the Visa Global Registry of Service Providers, a prestigious list of entities which meet certain criteria and have completed a PCI […]

Read More

Revision in MasterCard’s Cardholder Obligations: Does It Affect You?

MasterCard has revised its Standards to allow for collection agents to accept signature debit cards in the US. This revision is effective immediately and will be reflected in upcoming versions of MasterCard Rules. This change does not affect MasterCard’s credit transaction rules, and those transactions will remain prohibited as satisfactory payment for uncollectable obligations. The […]

Read More

What to Expect from PCI DSS 3.2

Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, organizations should begin to implement changes with the PCI DSS 3.2 official release. These standards should be adopted as soon as is possible, as version 3.1 will expire on October 31, 2016 with all new requirements being implemented February 1, 2018 […]

Read More

PCI DSS Scoping for Colocation Providers: To Include or Not to Include?

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. A-LIGN is heavily involved in the colocation industry, performing PCI DSS assessments as well as additional compliance audits to colocation providers throughout the US, as well as internationally. When approached by clients about adhering to PCI […]

Read More

Preparing for PCI DSS 3.2 in 2016

  Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. This update, which will likely take place of the previously anticipated Q4 2016 update, will include changes that aim to take into account “market feedback” while also observing “trending attacks causing compromises.” Specific changes noted […]

Read More

The New Standard: PCI DSS 3.1

On April 15, 2015, The PCI Security Standards Council published the PCI DSS Version 3.1.  Within the update, there were 3 types of changes that were noted.  They included: Clarifications: Clarifies the intents of the requirements.  Additional Guidance: Explanations with the purpose of providing further information on the requirements. Evolving Requirement: Changes to the requirements […]

Read More