While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the processes you have in hand. Here’s how.

Since the onset of the pandemic in 2020, global concern for data security and privacy has skyrocketed like a dazzling display of fireworks on New Year’s Eve. With an ever-increasing number of people utilizing online services and sharing their personal information on websites to engage in e-commerce transactions, the infrastructure for collecting and safeguarding consumer data has become of paramount importance.

PCI DSS compliance is mandatory for all entities processing cardholder data, including your third-party vendors. Security reports provide a window into a vendor’s information security program, uncovering their security controls strategy and its alignment with regulations like the PCI DSS. The following template will give you a high-level understanding of each vendor’s degree of compliance with PCI DSS and uncover potential compliance gaps requiring deeper investigation.

In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0.

For many companies, a business credit card is part of the organization’s lifeblood. As such access to it must be vigilantly maintained. One potential area of risk is employees sharing credit card details in collaborative SaaS applications like Slack, where these details are at significant risk of being exposed to unauthorized parties.

As a risk-based response to the continuous, and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants, and 21 for third-party service providers (TPSPs)

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a standardized approach to address the issue.

This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. PCI DSS requires that an “entity” have up to date cardholder data (CHD) flow and networking diagrams to show the networks that CHD travels over.