Recently, we have started with a significant number of new clients on ASV scanning projects. This is the PCI scan on networks that needs to be performed by merchants and service providers. Nothing new in that. We have been an ASV for over ten years. What has caught our eye is what has prompted these…
Posts Tagged: pci dss
AMEX now maintains a full list of all PCI DSS compliant service providers. Service providers pay a fee to register, and full details of the scheme are available directly from the AMEX web site.
How much penetration testing and vulnerability scanning does PCI DSS v3 require?
It is possible that web applications previously considered out-of-scope for PCI DSS could now be in-scope under PCI DSS v3. The impact of this could be significant depending on your existing card data environment (CDE). It has long been accepted practice that any component that stores, processes or transmits cardholder data is in scope for…
“We know that there’s nothing more frustrating than failing your ASV scan.” But did you know there are 10 reasons why you would automatically fail should the scan make any of the following findings? Operating system versions no longer supported by the vendor. Windows 2000, older Linux distributions. Unsupported, and therefore unpatched. Open access…
Barclaycard has issued the following positioning statement regarding the Barclaycard Risk Reduction Programme and its relationship with the PCI DSS and participating card schemes (Visa, Mastercard, Amex). If you’re a Barclaycard merchant participating in the BRRP, this positioning statement may be of interest to you. If you’d like to find out more about the BRRP,…
Mastercard has released “Mastercard Best Practices for Mobile Point of Sale Acceptance”. If you’re a POS solution developer, you’ll be interested in this document as it provides guidance on how to develop your solution, and if you’re a merchant, it provides you with guidance on the kinds of features your intended mobile POS implementation should…
Just a reminder of a regular observation we make when conducting ASV scans. It’s the issue of interference from an IDS or IPS system. Whilst such systems are useful in normal production situations, they must not interfere in any way with the ASV scan. If interference is detected by the ASV scan – we have…
The PCI DSS is a security standard that embodies a number of underlying principles. What are these principles? As with all PCI compliance questions, the answers usually lie in understanding the intent behind the requirements of the standard. Although there are many individual requirements detailed within the PCI DSS, collectively they are based upon…