Currently, there is no requirement to use a PCI compliant service provider (although the card brands and banks may require you to do so). If you are outsourcing some of your compliance responsibilities to a third-party, you need to understand what this means for your own PCI DSS compliance. If you use a service provider [...]
When you think of PCI DSS, you probably don’t automatically think of drawing diagrams. But diagrams are vital to understanding your scope, understanding your environment, and are two of the PCI requirements that may apply to you. PCI DSS requires three types of diagrams: High-level network diagrams. Detailed network diagrams. Cardholder data flow diagrams. In [...]
The word “scope” gets used a lot when you’re talking about PCI DSS. But it is also often misunderstood. This article provides some basic information about scope and how to start understanding what is in-scope for PCI DSS. Who is Responsible for Scoping? Both you and your QSA need to be able to understand the [...]
One of the most frequent questions we get is what the term “Significant Change” means for PCI. In this article we try to demystify this term a little and help you understand the various ways that the term is used in PCI DSS. What is Significant Change? The PCI SSC says that a significant change [...]
Every year, Verizon publishes a report on PCI DSS and the key findings from the year. 2019 was no different. One of the most interesting findings of this report is how few organisations have a programme in place to measure the maturity of the PCI compliance program. Approximately 60% of organisations that were surveyed did [...]
Overview The Payment Card Industry Data Security Standard (PCI DSS) is a set of twelve high-level requirements which all merchants and service providers who take card payments or who manage systems that are involved in transactions are required to follow. PCI DSS has high-level requirements and detailed testing requirements that need to be carried out [...]
OVERVIEW In April 2016, Version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) was released. This new version of the standard contains a number of new requirements which come into full force as of 1 February 2018. This document provides an overview of what is new in Version 3.2, separated by: Clarification of [...]
