Rapid Requirements: When You Miss a Requirement


Missed a Requirement? A new way that we see reporting changing in v4.0 is that it brings in a new process for when you miss a requirement and how it could still be considered as meeting your compliance requirements. It's not a "get out of jail free" card, and it's not an excuse [...]

2022-04-14T17:44:56+13:00

Why is it Important to Measure and Manage your Cyber Risk?


For a long time, the domain of specialised technology teams within organisations resulted in siloed IT operations and risk being kept away from the wider business. Cybersecurity is a topic gaining attention around Exec and Board tables in today’s digital world. Terms like cyber activism, ransomware, and cyber terrorism haven’t been around all that [...]

2022-01-28T12:50:40+13:00

Version 4 – It’s Actually Coming Soon!


We've been mentioning it for years now, but in some exciting PCI DSS news, Version 4.0 is actually coming soon. On 22 January 2022, the PCI SSC released the stakeholder preview of version 4.0. And while we are still under an NDA and can't talk about it, we're excited to say that we're [...]

2022-01-25T10:15:44+13:00

PCI DSS: Gold Standard, Bare Minimum, or Somewhere in the Middle?


A criticism often aimed at the Payment Card Industry (PCI) Data Security Standard (DSS) is that it sets the bar too high. Often security practitioners find fault in the way that PCI DSS does some things (minimum password lengths, anyone?). The truth is probably somewhere in between these two extremes. There are parts of PCI [...]

2022-03-08T15:13:43+13:00

PCI as a Project Manager


You've just finished a project successfully, on time, (mostly) on budget, and maybe even exactly what was asked for. You turn up to work the next day and there's a new project waiting for you. Something called "PCI". Suddenly, you've been dropped into a world of compliance, standards, security, reporting, and things you've [...]

2021-09-30T17:24:51+13:00

An Interview with Confide’s Associate Director of Security


In January 2021, the PCI Security Standards Council published an interview with Nicole Braun, Confide's Associate Director of Security, to find out about how she got involved in the payments field, and her experiences as a woman working in a field that has been traditionally male. She also talks about how [...]

2021-01-26T16:36:22+13:00

Looking forward to 2021 in the World of Payments


We all know that 2020 brought a lot of uncertainty and changes to the way that we do things. And while some of that is not going to change in 2021, we thought this was a good time to look forward to what we expect for 2021 in the payments industry and how [...]

2021-01-08T14:09:12+13:00

Updates to the NZ Privacy Act 2020


You may have heard something about the Privacy Act being updated. There's lots in the news these days about privacy, including new laws being passed which protect customer data: GDPR (EU General Data Protection Regulation) from 25th May 2018; CCPA (California Customer Privacy Act) from 1st January 2020; PDPB (India Personal Data Protection [...]

2020-10-15T14:47:55+13:00

Protecting Payments Over the Phone


It's not uncommon to take payments by phone. Whether you're a small business, a charity, or a large retailer, there may be situations where your customers need to make a payment over the phone. However, if you are taking payments by phone, there are a few things that you need to keep in [...]

2020-07-22T11:27:14+13:00

Do Good Deeds and Take Donations Securely


If you're a charity, you may never have thought that you might need PCI compliance and why it might matter to your donors. The Fred Hollows Foundation has worked hard to reach, and maintain on an annual basis, PCI compliance and has found clear benefits to their organisation, including: Stronger foundation for the [...]

2020-07-22T11:53:54+13:00