AMEX PCI DSS Compliant Service Providers

AMEX now maintains a full list of all PCI DSS compliant service providers. Service providers pay a fee to register, and full details of the scheme are available directly from the AMEX web site.

Cyber Essentials

We’re pleased to announce that Ambersail is a Cyber Essentials Certification Body and we can help you achieve either Stage 1 or Stage 2 compliance as required. Cyber Essentials is a UK Government-sponsored scheme open to organisations of all sizes.  It includes a formal certification showing adherence to a basic set of information security controls. It is… Read more »

PCI: Your eCommerce Web Sites Are In Scope

“Essentially, all merchant eCommerce sites that previously escaped mandatory security assessment can no longer be overlooked.” We now anticipate that many small merchants will find their web sites in scope for PCI compliance under PCI DSS v3. We wrote earlier this year concerning the potential for scope changes brought about by PCI DSS v3. Now that the official v3 SAQ documents… Read more »

Apple Secure Coding Guide

We note that Apple has just released a document entitled “Secure Coding Guide” and it covers OSX and iOS development. >From the intro: “Secure coding is important for all software; if you write any code that runs on Macintosh computers or on iOS devices, from scripts for your own use to commercial software applications, you… Read more »

ROC Reporting Template, PCI DSS V3

The PCI SSC has released the official ROC reporting template for PCI DSS version 3. This is important because it now means that QSA companies such as Ambersail can now conduct on-site assessments using PCI DSS version 3. The reporting instructions are available for public inspection here.

Recovering from a Hacking Incident: A Guide

By Andrew Lisa Getting hacked is never fun, all too common, and never 100 percent preventable. Hackers can impersonate you, damage your online reputation, or steal your money. In the event that it happens to you – and it’s very likely that it may – the actions you take in the immediate aftermath will determine… Read more »

PCI: Web Redirection Servers In Scope?

It is possible that web applications previously considered out-of-scope for PCI DSS could now be in-scope under PCI DSS v3. The impact of this could be significant depending on your existing card data environment (CDE). It has long been accepted practice that any component that stores, processes or transmits cardholder data is in scope for… Read more »