What is PCI DSS compliance and why is it important?

In an age where, in many countries, we can declare that cash is no longer king, ensuring the secure handling of cardholder data has become increasingly important. A critical part of this has been the establishment of PCI DSS. So, what is PCI DSS compliance and how does the security standard protect card […]
The importance of being transparent in PCI DSS

Let’s talk about the importance of being open and transparent, especially during the GAP analysis. GAP analysis as a pre-audit: it is very important for an entity starting its compliance process to perform a GAP analysis against the standard. Such an analysis provides a sort of pre-audit to highlight the gaps (hence GAP analysis) such an entity […]
The scoping exercise: the foundation for PCI DSS compliance

When you start a PCI DSS compliance project, scoping is what some of us QSAs like to call “requirement zero”. The more complex your processes and systems for storing, transmitting and/or processing cardholder data are, the harder it will be to achieve and maintain compliance. This explains why reducing the PCI DSS scope represents such […]
How security measures keep the scare away 👻

Facebook. Flipboard. Fortnite. All three have had security breaches in 2019, leaking hundreds of millions of customers’ data to hackers. Downright frightful. The spookiest part? It’s not the first time for some of these companies, and it all could have been avoided, witch 🧙 is the whole point. When was the last time your organization ensured […]
Security/privacy by design and software development

In this post we will explain the concept of security/privacy by design with regard to software development, the GDPR and the PCI DSS. Security by design in PCI DSS: in PCI DSS requirement 6.3, one of the sub-requirements states: Develop internal and external software applications (including web-based administrative access to applications) securely, incorporating […]
How to determine and reduce PCI DSS scope

The journey towards PCI compliance is not always straightforward. The PCI compliance process is often very costly and requires a lot of resources. Many organizations also struggle to understand which systems need to be protected and have to fulfill the requirements in PCI DSS. Defining scope is a critical process. So how do […]
PCI-DSS vs ISO 27001

If your organization is considering initiating a compliance process, it is very likely that for some PCI DSS immediately comes to mind, while for others it might be ISO 27001. The objective of both standards is to secure and manage company information, but they do so in different ways and to different extents. But, the […]
Are you protecting your client data securely enough?

Understanding Levels of PCI DSS Compliance: with our Ultimate Guide to PCI DSS Cloud Hosting we delve into the significance of protecting your client data and why it’s critical for businesses to be PCI DSS certified. But how rigorous is the certification process? If you’re a small-to-medium-sized business, do you have to […]
PCI DSS Cloud Hosting

How does it work? Outsourcing operations to a third party means that you share responsibility for meeting the requirements in PCI DSS. Your hosting provider fulfills some requirements, and your company has to fulfill others. The PCI DSS requirements focus on three areas: technology, processes and people. Your provider supplies the cloud infrastructure and is […]
Should you outsource?

The Ultimate Guide to PCI DSS Cloud Hosting: you collect payment from your customers online and you know it’s your company’s responsibility to keep that information secure and confidential, and to keep it from getting hacked and released into the world of the Internet. It’s your reputation, your brand and your customers’ trust all on the line. So what […]