In Scope – Example I
I thought I would write about a recent meeting I had with a client regarding whether or not their proposed point-of-sale (POS) solution was going to be in or out of scope. Obviously, the hope was that...
PCI SSC Issues Clarification On Encrypted Data Being In-Scope
On October 27, 2009 the PCI SSC and the card brands issued a clarification on whether or not encrypted cardholder data is still in-scope (Article Number 10359). For such a simple clarification, there...
Decommissioning Applications
Here is a question that comes up from time to time. Particularly because a lot of my clients are remediating their PCI compliance issues by replacing older applications with PCI compliant new ones....
How Email Ends Up In-Scope And What To Do About It
Let us clarify this issue. I am not talking about the occasional email that contains cardholder data. Try as your organization might, a small percentage of customers are going to email their...
Call Center FAQ Significantly Changes
On January 22, 2010 the PCI SSC issued an update to their clarification regarding their FAQ on call centers storing CVV/CVC/CID in their call recordings. The bottom line is that call centers are no...
Advice To Merchants
Barring the card brands developing a truly secure card processing process, the PCI DSS and related standards are likely to be with us for quite a while. That said, what is the future of complying with...
What Is “In-Scope?”
You would think this question would be an easy question to answer when talking about the PCI standards because anything that processes, stores or transmits cardholder data is in-scope for PCI...
Scoping Clarification
At the 2012 PCI Community Meetings, the PCI SSC made a presentation titled ‘PCI Standards Updates and Future Insights’. Embedded in that presentation were a series of slides titled ‘Scoping &...
Encrypted Cardholder Data – Out Of Scope?
I had an interesting exchange on Google+ the other day regarding whether or not encrypted data is in scope for PCI compliance. In the end it was suggested that I write a blog entry regarding this...
Removing The Drama Of A PCI DSS Assessment
I had to prepare a presentation for a client a while back giving them some tips on how to prepare and get through a PCI assessment as easily as possible. I thought it might be good to share those...