Security | Threat Detection | Cyberattacks | DevSecOps | Compliance



PCI DSS 4.0: How to Delight the Auditors

While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the processes you have in hand. Here’s how.

Arctic Wolf

What Is PCI DSS And Why Is It Important?

With the widespread use of credit cards and other payment cards in online shopping, banking, and business transactions, card data exposure, and fraud are on the rise. Hackers like ransomware gangs love to hold such data hostage, often releasing it to the dark web to further financial fraud, and any organization that holds such data is at risk of a cyber attack — including retail, technology, business and, of course, financial services.

vista infosec

PCI DSS vs GDPR: A Comparison of Data Security Standards

Since the onset of the pandemic in 2020, global concern for data security and privacy has skyrocketed like a dazzling display of fireworks on New Year’s Eve. With an ever-increasing number of people utilizing online services and sharing their personal information on websites to engage in e-commerce transactions, the infrastructure for collecting and safeguarding consumer data has become of paramount importance.


Free PCI DSS Vendor Questionnaire Template (2023 Edition)

PCI DSS compliance is mandatory for all entities processing cardholder data, including your third-party vendors. Security reports provide a window into a vendor’s information security program, uncovering their security controls strategy and its alignment with regulations like the PCI DSS. The following template will give you a high-level understanding of each vendor’s degree of compliance with PCI DSS and uncover potential compliance gaps requiring deeper investigation.

PCI DSS Requirement 3 Summary of Changes from Version 3.2.1 to 4.0 Explained

Welcome to VISTA InfoSec! In this video, we’ll be discussing the exciting changes made to PCI DSS Requirement 3 from version 3.2.1 to version 4.0. The PCI Council has made three types of changes: evolving requirements, clarifications, and structure or format changes. Some of the major changes include advanced settings in reinforcing payment outlets, high multi-factor authentication features, and better compatibility with cloud and related IT infrastructure.

How to Prevent Credit Card Number Exposure in Slack for PCI Compliance

For many companies, a business credit card is part of the organization’s lifeblood. As such access to it must be vigilantly maintained. One potential area of risk is employees sharing credit card details in collaborative SaaS applications like Slack, where these details are at significant risk of being exposed to unauthorized parties.


Application Programming Interface (API) testing for PCI DSS compliance

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.


Explaining the PCI DSS Evolution & Transition Phase

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a standardized approach to address the issue.