PCI DSS

PCI DSS – SAQ and Attestation of Compliance

Choice the good SAQ for your businessI had checked on the PCI SSC web site how to build and run compliance PCI without standard AOC for a merchants and small providers in self evaluating. Great news it’s possible but there are multiple version of the PCI DSS SAQ to meet various payment acceptance scenarios. Remember…

PCI DSS – Tokenization

The tokenization is really necessary on PCI DSS area ?The tokenization is or not a good solution for PCI DSS requirements ? I’m not sure to find on this technical solution a good way to reduce the scope but I’m sure to enforce the security of my PCI DSS Area…let’s go for more understand this.…

PCI COUNCIL updates Card Production Security Standard Version 1.1

Theses updates improve the secure manufacture, production and delivery of payment cardsGreat news, the PCI SSC has been updated the PCI Card Production Security Requirements,Version 1.1. The updated standard helps payment card vendorssecure the components and sensitive data involved in the production of payment cards,protecting against fraud via the compromise of card materials. The standard…

PCI DSS – 9 steps for build your PCI Compliance

I had followed theses 9 steps for build my compliance in this last year. I think it’s a good approach for big processor and all PSP. Establishing the PCI Project (Actors, budget…). Determine the scope (CDE). Review the information Security Policy (ISP or PSSI for french people). Conduct Gap Analysis. Conduct Risk Analysis. Establish the…

3 Myths about PCI DSS

The potential scope of your compliant CardHolderData Environment (Known CDE) may seem dating. A small merchant or a big processor have different level about security processes, documentations or time to secure this area. I have check lot of myths about PCI on my different experiences. In first, I will share with you 3 myths. Don’t listen any…

PCI DSS Prioritized Approach to Compliance

In my experience, the final consideration before getting started need to be regarding a more prioritized approach to achieving my PCI Compliance. The PCI Standards Council have come under pressure to help entities prioritize their approach to PCI and as such the table with six security milestones that will help merchants and other entities incrementally…

PCI Security Standards Coucil

The Payment Card Industry (PCI) Security Standards Council website isn(t a a security Website per se, but it is full of very useful and helpful security information related to the most far-reaching and comprehensive Industry security standards today. PCI DSS is applicable on any organization that process, transmit or stores payment  cards data. So it’s…