Let’s be real for a second – the Report on Compliance is mandatory for all Level 1 merchants and for any merchant, regardless of level, that is required to provide a Report on Compliance by its acquirer or card brand. Most Level 1 merchants fall out of compliance shortly after the ink is dry on their most recent report. Why? Because they don’t have a sustainability program. The RoC is treated like a bad surprise every year, and that creates wasted effort, lost money, and burned-out staff.
For most merchants, PCI DSS compliance is a confusing, complicated mix of requirement complexity, lack of knowledge, and an ever-changing threat landscape. From small retailers to global merchants, PCI is…
Warning: Complacency With Your Vulnerability Management Program Can Hurt Your Organization
By definition, a computer virus is: a malicious application or authored code used to perform destructive activity on a…
It was a whirlwind 3 days of video presentations and keynote speakers. Rolling with the changes brought to the world by a global pandemic, the PCI Security Council…
With 72% of merchants falling out of compliance shortly after completing a Report on Compliance (Verizon 2020 Payment Security Report), it's clear that not many merchants have a robust PCI…
Welcome back to our series, The Ultimate Guide On Managing PCI DSS Requirement Frequencies. This week we’re diving head first into Requirement 3, “Protect Stored Cardholder Data,” and Requirement…
We’re interrupting the Ultimate Guide to PCI DSS Requirement Frequencies to bring you an important lesson on how to decipher the requirements in the DSS. Who should read this post:…
Welcome back to the Ultimate Guide To PCI DSS Requirement Frequencies! So far we’ve covered Understanding Your Scope and Getting Control of Unruly Firewall and Router Rules. Today we’re moving…
Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or to test system components, these changes can make a mess of your rule sets. It’s easy for someone to unintentionally request an “any” rule, which is prohibited in the cardholder data environment. Our best advice is to insert your ISA (Internal Security Assessor) or someone on the compliance team into the firewall rule change review.
Does managing your PCI scope feel like you’re herding cats or trying to nail Jell-O to a tree? If you don’t have a handle on your scope, achieving or maintaining PCI DSS compliance is next to impossible.