News

PCI DSS Version 4 – When’s It Coming?

2020-06-09T10:42:34+13:00

Probably one of the most frequent questions we get at the moment is around when Version 4 of the PCI DSS will be released. It's the question that's on everyone's mind because a new version of the Standard usually means changes to the requirements that people need to address. While there's not a [...]

Where Does it Say I Have to be PCI Compliant?

2020-05-13T16:21:58+13:00

One of the questions we get asked a lot is "Where does it say that someone has to be PCI compliant?" To understand the answer to this, first we have to understand how the responsibilities are set out. Who Sets the Rules? First, the PCI Security Standards Council (or PCI SSC) sets out the rules. [...]

How Do I Become a PCI Compliant Service Provider?

2020-04-30T17:15:09+13:00

If you've recently come to the realisation that your organisation should look at PCI compliance as a service provider, you're probably wondering how you actually get to the point of becoming PCI compliant. While there aren't a lot of PCI compliant service providers in NZ, that just means there are more opportunities for local companies. [...]

Why Should I Become a PCI Compliant Service Provider?

2020-04-30T17:11:01+13:00

One of the most common misperceptions about PCI DSS is that only merchants who directly accept payments need to be PCI DSS compliant. In fact, if any of your customers require PCI compliance, you might also need to become PCI compliant or be included in your customers' assessments. Any service provider that has the ability [...]

Moving to the Cloud and Staying PCI Compliant

2020-04-01T13:57:56+13:00

We are seeing a lot of trends where organisations are moving to the cloud. If you haven’t moved to the cloud, you’ve probably been asked about it by at least one person in your organisation. The biggest players that we see in the cloud space are: Amazon Web Services [...]

That’s Not My Responsibility (or Why You Need a Responsibility Matrix)

2020-03-18T11:49:48+13:00

One of the worst things you can hear during your PCI assessment (aside from maybe finding out about unprotected cardholder data) is your service provider saying “That’s not my responsibility”. Suddenly, you find yourself pushing your service provider to do things differently, facing unforeseen costs, and facing a potentially long remediation period. Having a responsibility [...]

What’s My Risk?

2020-03-18T11:50:16+13:00

PCI DSS requires you to regularly understand and review the risks that are applicable to your environment. There are a number of different ways that you can understand and document your risks, including OCTAVE, ISO 27005, and NIST SP 800-30. This article explains one way that you can approach understanding and documenting your risks, but you [...]

What Are My Reporting Requirements?

2020-03-19T11:14:42+13:00

Caveat: This isn’t a post about which Self-Assessment Questionnaire (SAQ) you should use. You can confirm that by speaking with your acquiring bank. Confide can assist in these conversations and give our opinion on what SAQ we believe is correct, but your acquiring bank will make the final decision. There are a lot of acronyms [...]
