Posts Categorized: PCI DSS

PA DSS Program Guide v2.0

The PA-DSS Program Guide v2.0 and Attestation of Validation (AOV) v2.01 are now available for immediate use. These document updates are primarily about alignment and clarification. They don’t represent a change to the PA DSS standard. Software vendors will be particularly interested in the pricing guide which details the fees charged by the PCI SSC…

SAQ Eligibility Guide

Choosing the right Self Assessment Questionnaire (‘SAQ’) can be a very tricky task, especially for merchants with multiple payment channels. The PCI SSC introduced five different SAQs: SAQ A – Card-not-present Merchants, All Cardholder Data Functions Outsourced. SAQ B – Merchants with Only Imprint Machines or Only Standalone, Dial-Out Terminals. No Electronic Cardholder Data Storage….

PCI Compliance Claims: 3 Questions You Must Ask

One of the great challenges of PCI compliance (or indeed any other compliance activity) is understanding the jargon. Qualified Security Assessors (QSAs) talk extensively about “validation”, “assessment” and “evidence” all day long, but sometimes the reasoning behind these terms is obscured. Part of the issue here is that statements can be made on behalf of products…

The Cloud & PCI – Propagating Failure?

The cloud may be nebulous, but the security of your valuable data assets should be clearly defined. We’re all seeing a continued movement of services into the cloud, especially in the Infrastructure-as-a-Service (IaaS) arena. The security issues around cloud computing seem, to us at least, to be similar to the traditional issues – hardening,…

Which Applications Are Eligible for PA DSS?

If you can answer “yes” to any of the following questions, then your application is not eligible for validation under PA DSS: Is this a beta version of the application? Does the application handle cardholder data, but the application itself does not facilitate authorization or settlement? Does the application facilitate authorization or settlement, but has…

ASV Scanning: Roles & Responsibilities

Since we moved to the new ASV Program Guide v1.0 procedure last year, we’ve answered numerous questions from customers about the new reports and associated procedures as mandated by the Program Guide. For the most part, “Why are you doing this?” is the most commonly asked question! Rather than insisting that you read the entire…