Best FAQ I've seen in a long time! For all those security-impacting service providers that say, "We're not in PCI scope because we don't have cardholder data," this applies to you. You'll need an SAQ D for service providers and this FAQ tells you how to scope it. https://lnkd.in/g_tnmfan
Carla Brinker's activity
Elevate your Business IT Support | 01156848800 | [email protected] | No call handlers | Always dedicated experienced IT engineers | The best outsourced IT department in the Midlands
Being told by your payment provider that you need to be PCI DSS compliant??? ... we saved our client the hassle and cost by querying this and ... "you were right :) " Most payment providers blanket contact all their customers with a link to their PCI DSS provider (who I'm guessing they get a commission from) informing everyone they need it. Rather than spend hours filling out the forms and carrying out the scans, we took a quick step back and asked the client to query the requirement, and sure enough they don't need to be PCI DSS compliant - as they aren't storing or processing the cardholder data themselves. Contact us to see if you can save costs and time. As your outsourced IT partner we can work with your suppliers and help you make these decisions, as we have full visibility of all your systems. This highlights the need for a full-time partner rather than using odd-job IT companies that don't see the big picture. IT security specialists at Liberate IT Services LTD
Tier 1 merchants face challenges in complying with PCI DSS, necessitating a shift from manual data handling, such as spreadsheets, to integrated software solutions to enhance compliance efficiency and scalability. Find out how to achieve that with advice from NewRocket here: https://lnkd.in/eYpqJsHt
Achieving scalable PCI compliance beyond Excel is possible, says NewRocket
erp.today
On March 31, 2024, PCI DSS v3.2.1 will be retired and v4.0 will become the only active version of the new standard. Organizations will have another year after the retirement of v3.2.1 to adopt requirements that have been identified as future dated in v4.0. Before March 31, 2025, organizations are not required to validate these new requirements. However, if organizations have implemented controls to meet the new requirements, they are encouraged to have them assessed earlier. After March 31, 2025, these future dated requirements go into effect and must be fully considered as part of a PCI DSS assessment. There have been major improvements to requirements in PCI DSS 4.0. These include:
- Additional authentication controls, including strict multi-factor authentication requirements when accessing the cardholder data environment
- Updated password requirements, including increasing the password length requirement from 8 characters to 12
- Changing requirements around shared, group, and generic accounts
- Clearly defined roles and responsibilities needed for each requirement
Are you ready? DM me. My team and I will help to guide you through a vendor choice with data points and decision matrixes. The best part? We’re paid by vendor referral. There is zero cost to your firm.
It is also important to ensure that the scope of a PCI DSS assessment covers people, process and technology, i.e. the people in the organization who store, process or transmit payment card data, the processes involved in storing, processing and transmitting payment card data, and the technology used to store, process or transmit payment card data.
Making Continuous PCI DSS Compliance Affordable, Actionable, & Achievable | PCI-P | CISA | Former PCI ISA | International speaker
Let’s review what’s in scope for a PCI DSS assessment:
1. If your organization stores, processes, or transmits payment card data, you’re in scope.
2. The PCI DSS security requirements apply to all system components included in or *connected* to the cardholder data environment.
3. System components located within the cardholder data environment (CDE) are in scope, irrespective of their functionality or the reason why they are in the CDE.
4. Similarly, systems that connect to a system in the CDE are in scope, irrespective of their functionality or the reason they have connectivity to the CDE.
5. In a flat network, all systems are in scope if any single system stores, processes, or transmits account data.
Need a deeper dive? Check out our subscription-based PCI Compliance Toolkit!
To my much-loved Payment Card Industry (PCI) Security Community, this is such an epic solution!!! Create a free Thinkst Canary legit credit card token, and place it strategically in areas where you store your protected cardholder data. You’ll have an extremely high-fidelity alert if *anyone* attempts a payment authorisation on the card! This would unequivocally confirm if (a) the cardholder data has been stolen (b) they’re testing cards! To reiterate, this isn’t a fake or generated PAN; it's a legit PAN-assigned BIN that will go through the auth process but will be declined by the Issuer. Luckily, else we could have some real fun! The difference is that you will receive an alert that there was an attempt to use the card. So flippen cool, well done Thinkst Canary and their flock of birds! Personally, I would create a handful of unique and appropriately named tokens and strategically place them in the following areas:
- Production databases
- UAT databases
- Support ticketing system, i.e. pretend to be a client logging a ticket so it gets ingested into the ticketing system
- Email inbox
- File server/s or shares within the cardholder data environment
- XLS of internal company-owned travel payment cards
If you’re in scope of PCI… Do. This. Now! Any other awesome use cases? Please do share in the comments below. https://lnkd.in/d8h7bFuP
We’re delighted to announce the launch of an innovative new suite of PCI DSS services, to help our clients manage the workload and cost of compliance more easily and better protect their customers’ payment card data. The new suite of services includes a Managed PCI DSS Compliance Service, where we help clients maintain PCI DSS compliance on an ongoing basis for a fixed monthly fee, and an Assisted PCI DSS SAQ Compliance Service, where we help clients with their PCI DSS Self Assessment Questionnaire. In addition to these new services, we offer consultancy support with PCI DSS compliance through our PCI DSS QSA Gap Analysis & Assessment service, where we help clients achieve PCI DSS compliance by conducting a gap analysis, recommending remediation measures, and assessing them once remediation is complete. To complement these PCI DSS services, we have also launched two exciting new free online tools, to help organisations know what to expect from a PCI DSS engagement by answering a few short questions, and receiving a personalised report instantly. The first of these tools is a readiness assessment for the new PCI DSS standard (PCI DSS v4.0), which came into effect last year and has brought with it many significant changes to the requirements of the standard. All organisations need to do is answer 15 questions, and they’ll receive a tailored report that breaks down the areas where they need to improve in order to achieve compliance with PCI DSS v4.0. The other tool is a PCI DSS quote generator, which will ask organisations a few short questions about their situation, and advise them of how much a PCI DSS engagement would likely cost them. Find out more on our website: https://lnkd.in/ePH5bVsS
Okay, here's a PCI DSS Compliance-related scenario for you to ponder over: A Merchant has fully outsourced their payment card operations to Third Party Service Providers (TPSPs). However, not all of the TPSPs are PCI DSS compliant. How does this impact their PCI DSS compliance?
- Page 16 of the PCI DSS states: "Requirement 12.8 does not specify that the customer’s TPSPs must be PCI DSS compliant, only that the customer monitors their compliance status as specified in the requirement. Therefore, a TPSP does not need to be PCI DSS compliant for its customer to meet Requirement 12.8."
- The SAQ A Eligibility Criteria states: "The merchant has confirmed that TPSP(s) are PCI DSS compliant for the services being used by the merchant;"
- The PCI Security Standards Council's FAQ 1312 states: "Requirement 12.8 does not specify that the customer's TPSPs must be PCI DSS compliant, only that the customer monitors their compliance status as specified in the requirement. Therefore, TPSPs do not need to be validated as PCI DSS compliant for the customer to meet Requirement 12.8. However, if a TPSP provides a service that meets a PCI DSS requirement(s) on behalf of the customer, then those requirements are in scope for the customer's assessment and the TPSP's compliance of that service will impact the customer's compliance."
Therefore, if the Merchant wishes to complete the SAQ A, they have two choices:
1. Ensure that the TPSP is fully PCI DSS compliant and not just against the PCI DSS Requirements that they support from the SAQ A.
2. Include the TPSP in the Merchant's SAQ A assessment.
https://lnkd.in/eVjm42xs #pcidss #pcidssv4 #pcicompliance
Frequently Asked Question
https://www.pcisecuritystandards.org
This breaks down what sections 6.4.3 and 11.6.3 mean for companies in terms of being PCI-DSS 4.0.1 compliant. They place a clear requirement on customers for real-time monitoring and mitigation of web pages to protect cardholders and their data. 11.6.3 also places focus on changes to HTTP headers and script contents. Read the article to see how Imperva simplifies compliance through our Client-Side Protection product. https://lnkd.in/dFm56VBJ
PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know | Imperva
imperva.com
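As an added illustration of the kind of check the post refers to under 11.6.3 (change- and tamper-detection on the scripts and HTTP headers of a payment page), here is a small Python example. It is not Imperva's code, nor the poster's; it parses a page snapshot, records every external script source, the SHA-256 of every inline script body, and a few security-relevant response headers, then compares that inventory against an approved baseline and returns an alert per unauthorised difference. The HTML, header values and host names below are constructed sample data, and no network access is performed.

```python
"""Added example: baseline-vs-observed change detection for a payment page.
Not Imperva's Client-Side Protection nor the poster's own code; all inputs
are constructed sample data (placeholder host names, no real pages)."""
import hashlib
from html.parser import HTMLParser

# Response headers whose value changes we want to be alerted on.
WATCHED_HEADERS = ("content-security-policy",
                   "strict-transport-security",
                   "x-frame-options")


class _ScriptCollector(HTMLParser):
    """Collects external script sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.external = []        # values of src="..." on <script> tags
        self.inline_chunks = []   # text bodies of <script> ... </script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.inline_chunks.append("".join(self._buf))


def inventory(html, headers):
    """Fingerprint a page snapshot: script sources, inline script hashes, watched headers."""
    parser = _ScriptCollector()
    parser.feed(html)
    lowered = {k.lower(): v for k, v in headers.items()}
    return {
        "external": sorted(parser.external),
        "inline": sorted(hashlib.sha256(body.encode()).hexdigest()
                         for body in parser.inline_chunks),
        "headers": {name: lowered.get(name) for name in WATCHED_HEADERS},
    }


def detect_changes(baseline, observed):
    """Return one human-readable alert per difference from the approved baseline."""
    alerts = []
    for src in sorted(set(observed["external"]) - set(baseline["external"])):
        alerts.append(f"unapproved external script: {src}")
    for src in sorted(set(baseline["external"]) - set(observed["external"])):
        alerts.append(f"approved external script missing: {src}")
    for digest in sorted(set(observed["inline"]) - set(baseline["inline"])):
        alerts.append(f"inline script not in baseline (sha256 {digest[:12]}...)")
    for digest in sorted(set(baseline["inline"]) - set(observed["inline"])):
        alerts.append(f"approved inline script missing (sha256 {digest[:12]}...)")
    for name in WATCHED_HEADERS:
        before, after = baseline["headers"].get(name), observed["headers"].get(name)
        if before != after:
            alerts.append(f"header changed: {name}: {before!r} -> {after!r}")
    return alerts


# Constructed sample snapshots (placeholder hosts, not real sites).
BASELINE_HTML = ('<html><head><script src="https://pay.example.test/checkout.js">'
                 '</script></head><body><script>init({"mode":"card"});</script>'
                 '</body></html>')
BASELINE_HEADERS = {"Content-Security-Policy": "script-src 'self' https://pay.example.test",
                    "Strict-Transport-Security": "max-age=31536000"}

# Same page later: an extra script tag, a modified inline script, and the CSP header gone.
OBSERVED_HTML = ('<html><head><script src="https://pay.example.test/checkout.js">'
                 '</script><script src="https://unknown-cdn.test/extra.js"></script>'
                 '</head><body><script>init({"mode":"card"}); sendForm();</script>'
                 '</body></html>')
OBSERVED_HEADERS = {"Strict-Transport-Security": "max-age=31536000"}


def run_demo():
    """Compare the constructed observed snapshot against the baseline."""
    return detect_changes(inventory(BASELINE_HTML, BASELINE_HEADERS),
                          inventory(OBSERVED_HTML, OBSERVED_HEADERS))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

In practice the baseline would be refreshed through the change-control process each time an authorised deployment alters the page, and the observed snapshot would be what the browser actually received, since that is the vantage point the requirement is concerned with.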
Here are ten widely held misconceptions about PCI compliance regulations and clarifications to dispel these myths. Read to know more. https://loom.ly/_hNfNm4 #knowmore #pcicompliance #complianceregulations
Top 10 Myths About PCI Compliance | Host Merchant Services
hostmerchantservices.com