January 20, 2009 3:30 AM
Posted by: Charles Denyer
cardholder name pci dss service code pci dss,
expiration date pci dss,
magnetic stripe pci dss,
payment card industry data security standards,
pci dss compliance auditors,
pin pin block pci dss,
primary account number PAN pci dss,
track data pci dss

Payment Card Industry Data Security Standards (PCI DSS) compliance is everywhere these days, or so it seems. As a result, there seems to be some confusing information on what CAN and CANNOT be stored regarding cardholder data. Folks, there really should not be any gray area on this, as the rules...
January 17, 2009 8:00 PM
Posted by: Charles Denyer
change mangement for pci dss,
payment card industry data security standards,
pci compliance,
PCI DSS,
sas 70 audits,
sas70,
two-factor authentication for pci dss

Regarding PCI DSS, as a PCI QSA I'm often asked what's the most difficult hurdle that organizations need to overcome for ensuring PCI DSS compliance. Well, we could talk at length about some of the technical, I.T. challenges, such as two-factor authentication, encryption (though not...
December 31, 2008 11:25 PM
Posted by: Charles Denyer
asv,
payment card industry data security standards,
PCI DSS,
pciassessment.org,
qsa,
SAS 70,
sas 70 type ii audit,
sas70.us.com

As an auditor, I am constantly approached by my clients desperately wanting to know if efficiencies can be obtained within the audit and assessment process for companies undergoing both a SAS70 audit and a PCI DSS...
December 30, 2008 3:21 PM
Posted by: Charles Denyer
audits,
payment card industry,
payment card industry data security standards,
PCI,
pci assessment,
pci compliance,
PCI DSS,
pci dss qsa,
regulatory compliance,
SAS 70,
sas 70 audit report,
SAS 70 checklist,
sas 70 control objectives,
SAS 70 readiness questionnaire,
sas 70 sample report,
SAS 70 Type I,
sas 70 type ii,
sas70,
sas70 sample reports,
Security,
SOX,
What is SAS 70?

When ushering in the new year festivities, keep in mind that a number of regulatory compliance issues will be facing your organization also as 2009 looms just around the corner. No, they're not stocking stuffers, rather, they can be considered expensive, time-consuming, and arduous, to say the...
December 30, 2008 2:08 PM
Posted by: Charles Denyer
payment card industry,
payment card industry data security standards,
PCI,
pci assessment,
pci compliance,
PCI DSS,
pci dss qsa,
pci dss requirement 1.1.1,
pci dss requirement 1.1.2

Is your organization seeking to become Payment Card Industry (PCI) Data Security Standards (DSS) compliant for 2009? Are you a merchant or service provider that is directly involved in the processing, storage, or transmission of transaction data or cardholder data? If you answered yes to these...
November 23, 2008 7:24 PM
Posted by: Charles Denyer
payment card industry,
payment card industry data security standards,
PCI,
pci assessment,
pci compliance,
PCI DSS,
pci dss qsa,
pci dss requirement 1.1.2,
policies and procedures,
qsa,
regulatory compliance,
SAS 70,
sas 70 audit report

Payment Card Industry (PCI) Data Security Standards (DSS) compliance for PCI DSS requirement 1.1.2 calls for "Current network diagram with all connections to cardholder data, including any wireless networks". Thus, testing for validating...
November 23, 2008 7:14 PM
Posted by: Charles Denyer
payment card industry,
payment card industry data security standards,
PCI,
pci assessment,
pci compliance,
PCI DSS,
pci dss qsa,
pci dss requirement 1.1.1,
policies and procedures,
qsa

PCI DSS Requirement 1.1.1 calls for "A formal process for approving and testing all network connections and changes to the firewall and router configurations". Thus, the test to validate this, in accordance with PCI DSS 1.2 standards, is to...
November 13, 2008 3:28 AM
Posted by: Charles Denyer
merchants,
payment card industry,
payment card industry data security standards,
PCI,
pci assessment,
pci compliance,
PCI DSS,
pci dss qsa,
service providers

Are you a merchant or service provider that needs to be Payment Card Industry Data Security Standards (PCI DSS) compliant? Are you an entity directly involved in the processing, storage, or transmission of transaction data or cardholder data? If so, then read on because one of the most important...