pciguru.wordpress.com





      (289):

     1  +1  2014 jul 30  opensource software pci compliance  Open Source PA-DSS Certification | PCI Guru  The bottom line is that the PA-DSS is skewed to commercial software, not the open source community. That is not to say that open source ...
     3  +1  2014 aug 18  emv and pci  EMV | PCI Guru  Posts about EMV written by PCIGuru. ... After the release of the PCI DSS in 2008, a lot of retailers implemented a variety of E2EE solutions. Unfortunately, the ...
     3  -1  2014 jul 30  call centre compliance  Call Centers And PCI Compliance | PCI Guru  A big thank you to a reader for suggesting this post with a post to my Miscellaneous Questions page with a number of questions related to call ...
     4  -1  2014 aug 21  pci dss linux antivirus  Requirement 5 – Use and regularly update anti-virus | PCI Guru  Under the PCI DSS and card brands' security programs, redirect systems are still .... Requirement 5.1 – Deploy anti-virus software on all systems commonly ..... UNIX, VoIP servers are just Windows or Linux servers running a VoIP application.
     4  +11  2014 aug 02  security metrics bbb  PCI Compliance Scam? You Tell Me | PCI Guru  I write to you as I understand you are the top man at Security Metrics. .... You all might find this interesting,
     4  +1  2014 jul 29  security metrics uk  I write to you as I understand you are the top man at Security Metrics. ... in other words the backbone of independent retailers in the UK.
     4  +1  2014 jul 17  security metrics logo  I write to you as I understand you are the top man at Security Metrics. ..... For the past year Security Metrics has been telling me the q&a I took ...
     5  +27  2014 oct 04  guru blog statements  PCI Guru | A common sense approach to achieving PCI compliance  Brandon Williams has a great blog post on his site that answers this question. .... Do not get me wrong, I understand their reasons for their statements. However ...
     5  +2  2014 aug 14  pci dss compliance virtuemart  Tags: compliance, open source, PA-DSS, PA-QSA, PCI DSS ... VirtueMart, Ubercart, Zen Cart, etc. will never be PA-DSS compliant since, by ...
     5  -1  2014 aug 02  call centre pci compliance
     6  +25  2014 sep 01  virtuemart pci scan  Open Source PA-DSS Certification | PCI Guru  Tags: compliance, open source, PA-DSS, PA-QSA, PCI DSS ... that open source e-Commerce solutions like Magento Community, VirtueMart, ...
     7  +3  2014 sep 16  sox pci compliance  PCI and SOX, HIPAA, GLBA, et.al. | PCI Guru  Just got a call regarding PCI and Sarbanes Oxley (SOX) compliance. Whether it is SOX, the Health Insurance Portability and Accountability Act ...
     7  +4  2014 sep 15  pci sox  Just got a call regarding PCI and Sarbanes Oxley (SOX) compliance. Whether it is SOX, the Health Insurance Portability and Accountability Act ...
     7  +9  2014 sep 05  pci compliance certificate  PCI DSS Compliance Certificates | PCI Guru  In this month's PCI SSC QSA Newsletter, the FAQ of the Month is about so called 'PCI DSS Compliance Certificates'. I started to hear about ...
     8  +10  2014 aug 30  pci saq a  Why SAQ A-EP Makes Sense | PCI Guru  This SAQ was developed to address the recommendations that were documented in the information supplement titled 'PCI DSS E-commerce ...
     8  -4  2014 aug 15  pci compliance bank letter  He called me to find out exactly what PCI compliant meant. .... The card brands require that the acquiring banks/processors track who is non-compliant and then follow ... This October I was sent a letter which invited renewal.
     9  +4  2014 sep 10  pci and sarbanes oxley  Just got a call regarding PCI and Sarbanes Oxley (SOX) compliance. Whether it is SOX, the Health Insurance Portability and Accountability Act ...
     9  -3  2014 sep 05  pci saq d  Self-Assessment Questionnaires | PCI Guru  In the QSA trade, SAQ D is referred to as Report On Compliance (ROC) 'Light' because any organization that has to fill out SAQ D is essentially ...
     9  +92  2014 aug 14  pcd-dss monthly scan  “Passing” Vulnerability Scans | PCI Guru  The PCI DSS requirement 11.2.b defines a passing scan as a scan that does not ... This is why a lot of organizations just do monthly scans.
     9  +2  2014 aug 12  approved scanning vendors inexpensive  ASV | PCI Guru  The first thing I did was review the latest version of the PCI ASV Scanning
     9  -2  2014 aug 04  call centres pci complience  The PCI DSS does not require credit card handling call center personnel to be segregated from other call center personnel. But again, best ...
     9  -1  2014 aug 02  pci encrypt encryption key  Encrypted Cardholder Data – Out Of Scope? | PCI Guru  The key to how to interpret whether or not encrypted cardholder data is ... assessed for PCI compliance cannot decrypt the encrypted CHD.
     10  -4  2014 sep 01  pci saq a forms  New for version 2.0 of the PCI DSS is SAQ C-VT. ..... but it does mean that those are the only two reporting forms you are allowed to use. Reply.
     10  +3  2014 aug 23  what is compensating controls  Writing A Compensating Control | PCI Guru  This is a very popular topic these days as more and more organizations have to rely on compensating controls to comply with the PCI DSS.
     10  -7  2014 aug 04  call centre pci
     11  -3  2014 aug 24  load balancing pci  Network Segmentation – Take 2 | PCI Guru  The PCI DSS gives very little guidance on network segmentation. ... I'm quite worried that you use a load balancer as a firewall on the public ...
     11  +3  2014 aug 21  pci compliance data mining  Call Center FAQ Significantly Changes | PCI Guru  Tags: changing standard, clarification, In-Scope, PCI DSS, post- ... authorization is allowed; as these recordings cannot be data mined easily.
     11  ~  2014 aug 12  pci compliance for dummies  PCI For Dummies | PCI Guru  ... have developed a white paper entitled 'PCI for Dummies', 'PCI for Idiots' or 'Making PCI Compliance Easy'. Hello! Get a clue out there! To…
     11  +90  2014 aug 10  network marketing saq  Why SAQ A-EP Makes Sense | PCI Guru  This SAQ was developed to address the recommendations that were
     11  +51  2014 aug 08  pci compliance console  Requirement 13 – Encrypt all non-console administrative ... - PCI Guru  Any entries regarding Requirement 13 of the PA-DSS - Encrypt all non-console administrative access.
     11  +1  2014 aug 03  pci compliant terminals  Credit Card Terminals And PCI Compliance | PCI Guru  The credit card terminal industry also needs to wake up and get on board with security before they end up in the PCI compliance dog house.
     11  +15  2014 aug 03  first data pci compliant  He called me to find out exactly what PCI compliant meant. So, I listened to how ..... 2013 at 1:15 PM. First data is compliance.firstdatams.com.
     11  -2  2014 aug 03  pci saq c  New for version 2.0 of the PCI DSS is SAQ C-VT. This was developed to handle virtualized environments. Virtual can be either full on thin ...
     11  -2  2014 jul 31  credit card machine vonage  VoIP And PCI Compliance | PCI Guru  Also, credit card machines can't work over VoIP lines as of 2012. .... on my Vonage line in regard to my credit card machine not working.
     12  +3  2014 sep 11  pci definition of cardholder data  Encrypted cardholder data (stored or transmitted) being out of scope is based on whether or not that data meets the following definition.
     12  +3  2014 aug 04  virtuemart pci compliance  ... VirtueMart, Ubercart, Zen Cart, etc. will never be PA-DSS compliant ... the merchant's PCI Report On Compliance (ROC) assessment process.
     12  +2  2014 aug 01  call center compliance  In a call center environment where operators are taking… ... That said, just because it is not in-scope for PCI compliance; do not think a QSA is ...
     13  +5  2014 sep 01  pci saq overview  SAQ | PCI Guru  Posts about SAQ written by PCIGuru. ... document is the “Bible” for QSAs as it documents how they will be assessed in a PCI SSC Quality Assurance review.
     14  +8  2014 sep 01  ip pbx pci  Categories: PCI DSS, Requirement 1 - Install and maintain a firewall, ... People treat these VoIP servers just like their traditional PBX.
     14  -4  2014 jul 22  pa-dss vs pci-dss  PA-DSS Certified – So What? | PCI Guru  A lot of applications are becoming PA-DSS certified and yet I continue to see the same issue occur over and over ... PA-DSS certification never implies PCI DSS compliance and vice versa. ... In Scope versus Out of Scope.
     15  +17  2014 sep 30  pci compliance certification  When offered the PCI DSS Attestation Of Compliance (AOC), this ... to get such a certificate when it does not exist on the PCI SSC Web site, ...
     15  -5  2014 jul 17  pci self assessment questionnaire  Self-Assessment Questionnaires | PCI Guru  I have received some interesting questions of late regarding various scenarios and how to fill out specific self-assessment questionnaires or ...
     15  -5  2014 jul 17  pci self-assessment questionnaire
     16  ~  2014 sep 29  merchant level  Merchant Levels | PCI Guru  I get requests all of the time regarding how to determine an organization's merchant level. Even though the card brand Web sites have this ...
     16  +18  2014 aug 02  open table merchant agreement  But even with those tables and references such as this post, it is very important for ... As a result, you will need to review your merchant agreement with your .... I don't really have any new information on open source solutions.
     17  +15  2014 oct 03  pci dss certification
     17  +22  2014 sep 28  pci certificate cost  I found this extremely interesting, since no such “certificate” has ever ..... This involves a $7/month fee and now a yearly 75$ PCI compliance fee ...
     17  -8  2014 aug 02  pci dss two saqs  Under the PCI DSS and card brands' security programs, redirect systems are still .... ISA can sign a ROC or SAQ like a QSA can get a response in a day or two.
     18  +5  2014 sep 12  pci complaiance and wireless  wireless | PCI Guru  As a result, to prevent future breaches due to wireless networking, the PCI DSS requires that the QSA ensure that any wireless, in or out of scope, is evaluated to ...
     18  +4  2014 jul 24  qsa training april  29 | April | 2011 | PCI Guru  1 post published by PCIGuru on April 29, 2011. ... of the year, time for the PCI Guru to take the PCI SSC's QSA re-certification training and test.
     19  +2  2014 jul 29  pci dss saq  New for version 2.0 of the PCI DSS is SAQ C-VT. This was developed to handle virtualized environments. Virtual can be either full on thin ...
     20  +36  2014 aug 14  zen cart pci compliance  “Is it correct to assume that open source e-Commerce solutions like Magento Community, VirtueMart, Ubercart, Zen Cart, etc. will never be ...
     20  +38  2014 jul 29  pci saq free  And that is why no PCI assessment is ever the same because organizations and .... In an ideal world, most merchants would be filling out SAQ A, but we do not ...
     20  +5  2014 jul 17  pci scan time  The PCI DSS requirement 11.2.b defines a passing scan as a scan that ... As a result, statistics say that there are going to be times when the ...
     22  +79  2014 aug 09  pci dss certifiable  I have written about this before, but this needs to be discussed again. A lot of applications are becoming PA-DSS certified and yet I continue to ...
     22  -5  2014 jul 17  quarterly pci scans  The PCI DSS requirement 11.2.b defines a passing scan as a scan that does not ... The four quarterly scans plus four more remediation scans.
     22  ~  2014 jul 17  changes to emv standards  Posts about EMV written by PCIGuru. ... Tags: Card Brands, changing standard, Chip and PIN, Data Breach, EMV, Encryption, P2PE, security. The Target ...
     24  +27  2014 aug 22  pci compliant service providers  Third Party Service Providers And PCI Compliance | PCI Guru  There seems to be a lot of confusion regarding third parties that provide networking or hosting services and their obligations regarding PCI ...
     24  +29  2014 aug 14  define pci compliance  The argument in PCI circles is the definition of “all other systems”. Some of us believed that it meant systems other than those in-scope. Other people believed ...
     24  -8  2014 aug 08  pci compliance levels  Tags: Card Brands, compliance, Data Breach, merchant levels, PCI DSS, ... American Express and JCB all have tables for merchant levels.
     24  +48  2014 jul 22  free pci compliance check  Yes, you heard that right; they will never be PCI compliant. ..... That said, I have added a Luhn check to some of the open source solutions and it has amazed me ...
     25  +14  2014 sep 25  att mpls  The 'MPLS Is A Private Network' Debate | PCI Guru  Since MPLS is protocol aware, it allows carriers such as AT&T, Verizon, BT and the like to automatically reroute packets to avoid network ...
     25  -11  2014 aug 29  magento pa-dss certified  Open Source PA-DSS Certification | PCI Guru  I got the following comment regarding open source solutions. “Is it correct to assume that open source e-Commerce solutions like Magento ...
     25  -4  2014 aug 21  dss call center  call centers | PCI Guru  Posts about call centers written by PCIGuru. ... Tags: call centers, compliance, PCI DSS, PCI SSC, post-authorization, pre-authorization. Client discussions lately ...
     25  +12  2014 aug 09  is paypal pci compliant  When Will The PCI SSC And Card Brands Stop The Mobile Payment  The good news is that PayPal Here at least appears to encrypt cardholder data, but ... This is because the PCI Security Standards Council halted last year the .... The Dilemma Of PCI Scoping – Part 1 · PCI Compliance Scam?
     26  +33  2014 aug 19  scope of point sale  Other people believed that it had to refer to only in-scope systems such as a ..... point of sale (POS) vendor's remote access account had been compromised.
     26  +2  2014 aug 07  pci dss compliance fees  I asked them to direct me to the PCI DSS or any PCI requirement that ... Yes, a lot of processors are charging non-compliance fees for their ...
     27  +18  2014 aug 25  approved scanning vendore cost  Given the additional cost of this new training plus the requirement to have a minimum of
     27  +21  2014 aug 08  wordpress virtual terminal paypal  Self-Assessment Questionnaires | PCI Guru - WordPress.com  Virtual can be either full on thin clients such as a Wyse terminal or a PC where ... Also, any advice on alternatives to PayPal Standard you can ...
     28  +18  2014 aug 26  approved scanning vendor cost
     28  ~  2014 jul 25  pci dss certification cost  The PA-DSS and PCI DSS require documentation on how to properly ... For those of you wondering, most PA-DSS certifications cost at least ...
     29  +39  2014 sep 10  review pci merchant compliance  The merchant is never allowed to perform encryption key management ... “In PCI DSS v2.0, logs for all in-scope systems were required to be reviewed daily.
     29  ~  2014 aug 30  godaddy pci dss  Under the PCI DSS and card brands' security programs, redirect systems .... hosting storefront providers: bigcommerce, godaddy, amazon, etc.
     29  +12  2014 jul 21  pci dss review  PCI DSS v3 Requirement 10.6 | PCI Guru  “Review logs of all other system components periodically… ... the other day and we were walking through requirement 10 of the PCI DSS v3 to ...
     30  +5  2014 aug 06  knuckle buster credit card  Simple PCI Compliance – Part 1 | PCI Guru  A knuckle buster captures everything on the front of the card on the charge ... in a VeriFone, Hypercom, Nurit and the like credit card terminal.
     30  +35  2014 jul 22  square non-merchant payment  Merchant Beware – New Mobile Payment Solution Out In The Wild  Merchants need to be aware of a new mobile payment solution – Square ... Although, given the pictures on Square's Web site, I really did not ...
     30  +21  2014 jul 22  pci compliance storing fax  Miscellaneous Questions Page | PCI Guru  Like a lot of organizations trying to be PCI compliant, it is not just the storage of cardholder data (CHD), it is also the processing and transmission of CHD.
     31  +11  2014 aug 31  is magento pa-dss  PA-DSS Certification Means Nothing? | PCI Guru  A couple of weeks ago we had a conference call with our PCI SSC QA team. During ... Magento Community, VirtueMart, Ubercart, Zen Cart etc
     31  +16  2014 aug 01  paypal payments pci  This week PayPal introduced Here, their mobile payment processing application for Apple iOS and Android devices. The good news is that ...
     32  +1  2014 aug 14  is oscommerce pci compliant  Tags: compliance, open source, PA-DSS, PA-QSA, PCI DSS ..... an official PCI document specifically mentions osCommerce (an open source ...
     32  +20  2014 aug 13  pci scanning vendors  The risk of course is that one or more vulnerabilities show up that the vendor will not ... The first thing I did was review the latest version of the PCI ASV Scanning ...
     32  +56  2014 aug 06  pci dds ceritification
     32  +26  2014 jul 29  pci compliance definition  A common sense approach to achieving PCI compliance and retaining your sanity ... discussions had no real framework and everyone had their own definitions.
     32  -4  2014 jul 27  lloydstsb pci dss  credit card terminals | PCI Guru  The merchant validated their compliance with the PCI DSS within the last 12 months .... In May 2010, Lloyds-TSB admitted that a number of their customers had ...
     33  +45  2014 sep 22  third factor  One-, Two-, And Three-Factor Authentication | PCI Guru  Three-factor authentication – in addition to the previous two factors, the third factor is “something a user is.” Examples of a third factor are all ...
     33  ~  2014 jul 31  internet exposure minneapolis  MPLS | PCI Guru  If the IP addresses are public and the MPLS network provides exposure to the Internet either through the LSR or other device (if the edge router ...
     34  -16  2014 aug 27  pci cokmpliance fee  Yes, a lot of processors are charging non-compliance fees for their ..... This involves a $7/month fee and now a yearly 75$ PCI compliance fee, ...
     34  -17  2014 aug 04  pci compliance questionnaire
     35  ~  2014 sep 29  trustwave pci level4  As a matter of fact, the filing of an SAQ by a Level 4 merchant is ..... Trustwave and the like to run and manage their PCI compliance tracking ...
     35  -3  2014 sep 23  jcb merchant info  Even though the card brand Web sites have this information posted, the ... American Express and JCB all have tables for merchant levels.
     35  +6  2014 sep 13  blog guru  About | PCI Guru  PCI Guru is written by a somewhat well known PCI QSA that shall remain nameless (think ... The purpose of this blog is to explain the PCI compliance process as…
     35  +1  2014 aug 16  basics pci compliance  Hashing Basics | PCI Guru  I am catching some heat over the Encryption Basics post from some of my more ... PABP or PA-DSS Compliance Does Not Imply PCI DSS ...
     35  -15  2014 aug 14  pci compliance fee
     35  +11  2014 jul 30  pci dss definition  Issuers and Financial Institutions | PCI Guru  The applicability of the PCI DSS to issuers and financial institutions in ... Just so we are clear on terminology, an issuer is defined by the PCI ...