News

That’s Not My Responsibility (or Why You Need a Responsibility Matrix)

2020-03-18T11:49:48+13:00

One of the worst things you can hear during your PCI assessment (aside from maybe finding out about unprotected cardholder data) is your service provider saying “That’s not my responsibility”. Suddenly, you find yourself pushing your service provider to do things differently, facing unforeseen costs, and facing a potentially long remediation period. Having a responsibility [...]


What’s My Risk?

2020-03-18T11:50:16+13:00

PCI DSS requires you to regularly understand and review the risks that are applicable to your environment. There are a number of different ways that you can understand and document your risks, including OCTAVE, ISO 27005, and NIST SP 800-30. This article explains one way that you can approach understanding and documenting your risks, but you [...]


What Are My Reporting Requirements?

2020-03-19T11:14:42+13:00

Caveat: This isn’t a post about which Self-Assessment Questionnaire (SAQ) you should use. You can confirm that by speaking with your acquiring bank. Confide can assist in these conversations and give our opinion on which SAQ we believe is correct, but your acquiring bank will make the final decision. There are a lot of acronyms [...]


Secure Your Terminals

2020-03-18T11:51:11+13:00

Merchants with EFTPOS terminals have a set of requirements specific to card-present transaction security. That's because card-skimming can happen anywhere, and it even happens in New Zealand! In this article, we want to help you understand how to protect the devices that your customers interact with to pay you. Know Your Devices PCI requires [...]


Penetration Testing and Vulnerability Scanning, What’s the Difference?

2020-03-18T13:04:03+13:00

Two of the terms that frequently get misused (and often are interchanged) are vulnerability scanning and penetration testing. These two items are different and meet different parts of the PCI requirement. In fact, these terms get confused so often that the PCI SSC even published information on the differences between them. In this article we [...]


What Do I Need to Scan to be Compliant?

2020-03-18T11:52:24+13:00

The Payment Card Industry Data Security Standard (PCI DSS) requires several types of scanning to be completed. This article provides an overview of the types of scanning, frequency for scans, and what it typically applies to in the environment. The table below provides a summary of this. […]


Service Provider or Merchant?

2020-03-18T11:52:53+13:00

If you’re reading this, you’ve probably been told that you need to be PCI compliant, either by your bank or by your customer. Even if you don’t directly accept credit or debit cards, PCI DSS may still apply to you if you have the ability to affect the security of someone else’s cardholder data environment. [...]


My Service Provider Isn’t Compliant, Now What?

2020-03-18T12:00:39+13:00

Currently, there is no requirement to use a PCI compliant service provider (although the card brands and banks may require you to do so). If you are outsourcing some of your compliance responsibilities to a third-party, you need to understand what this means for your own PCI DSS compliance. If you use a service provider [...]


Diagram Your Processes

2020-03-18T11:54:35+13:00

When you think of PCI DSS, you probably don’t automatically think of drawing diagrams. But diagrams are vital to understanding your scope and your environment, and they are two of the PCI requirements that may apply to you. PCI DSS requires three types of diagrams: high-level network diagrams, detailed network diagrams, and cardholder data flow diagrams. In [...]


Contact Info

50 Manners Street, Level 1 Suite 1, Wellington 6011

Phone: +64 (04) 979 9869

Web: Confide
