If you are a level 1 merchant or service provider, or your acquiring bank views your organization as high risk, you must be compliant with the full Payment Card Industry (PCI) Data Security Standard (DSS). Additionally, in order to validate your compliance, you will be required to have a Qualified Security Assessor (QSA) perform a […]
Your company is required to have a full Payment Card Industry (PCI) Qualified Security Assessor (QSA) Onsite Assessment that will produce a Report on Compliance (RoC) for you to provide to your acquirer. Maybe you’re a Level 1 merchant, maybe you’ve been classified as a high risk merchant due to transaction size, maybe you’ve had […]
A Statement of Work or “SOW” is a key document for your penetration testing project. If you are at the stage of executing an SOW, it should mean that you have completed your vetting process and will be locking in your penetration testing vendor. Today, we discuss some of the key elements that you should […]
For such a short question, you may be reading this because you are struggling to find a clear answer. Many organizations may be confused about what their requirements from a PCI perspective are, and with that confusion, may not even know who they need to ask to clear it up. The question of whether you […]
For most organizations that accept credit cards for payment, compliance with PCI DSS is a necessary evil to keep your bank happy and ensure that money keeps coming in the door. And for compliance purposes, your company is likely being required to complete an SAQ, as only a relatively small percentage of large merchants (or […]
In this two-part blog series, we are looking at what you can expect after a penetration test. More specifically, what basic steps should you follow once you receive the report to start fixing the vulnerabilities uncovered. In the previous installment, we took a look at understanding the penetration testing report and coming up with an […]
