Security, Contact Centers, PCI, compliance, PCIDSS, Remote Work

Business Resumption: Contact Centers

Over the last few weeks, our team of Qualified Security Assessors (QSAs) has been responding to questions from our clients about how they can maintain PCI compliance while transitioning their contact centers (and associated business processes) to “work from home.” It's not just an important topic, but a very valid one given that most organizations today have never dealt with these kinds of business challenges before; they truly are unprecedented. In many cases, just keeping the business operating is paramount and we recognize how many variables are at play today.

By Mark Hannah & Sherri Collis on Mar 31, 2020 2:13:29 PM
Risk Assessments, Security, PCI, PCI Community, Assessment, PCIDSS, COVID19, Remote Work

Remote PCI Assessments: We're Adapting With You

Recent events have changed the world we typically wake up to, and it is continuing to change. The ways we interact, the ways we seek necessities, and the ways we conduct business have all shifted in a very short period of time.

For many retailers, business is continuing and even trending upwards as consumers shift their shopping habits to online. What doesn't seem likely to change, however, is the responsibility that retailers have to protect the consumers' personal information.

By Sherri Collis on Mar 24, 2020 1:12:05 PM
Security, NetworkSecurity, PCI, Cybersecurity, Information Security, compliance, PCIDSS4.0, PCI Community, Payment Card Industry, cardholder data, sensitive authentication data, CHD, SAD, Natural Language Processing Solutions, NLP

Highlights From The PCI Dream Team Session 8

As technology continues to advance, it's critical for the security community to respond to the evolving risk for consumer data.

On Tuesday, January 14, I had the opportunity to once again sit on the PCI Dream Team’s eighth online session. During this session, we responded to questions from our participants which covered a broad range of concerns.

By Jeff Hall on Jan 23, 2020 11:07:14 AM
Security, PCI, Cybersecurity, InfoSec, DSS, PCIDSS4.0, PCI Community

Notes from the 2019 PCI Community Meeting

The Online Team and I had a great time at the PCI Community meeting last week, set in the spectacular environs of Vancouver BC. We ate and drank, pontificated, watched ferries and seaplanes come into the harbor (my inner 8-year-old self couldn’t resist and I booked a flight out on one), and had a generally spectacular time networking with old and new friends in the payment security space. While there were far too many interesting presentations and conversations to put into one place, I had a few takeaways that I felt were worth sharing. In no particular order:

By Tony Fulda on Sep 25, 2019 3:39:20 PM
Security, PCI, InfoSec, DSS, Payment Gateway, credit cards, debit cards, IDS/IPS, CDE

PCI DSS: When to Test Controls & Functions

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS), the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material, we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

By Jeff Man on Jan 3, 2019 4:51:51 PM
Leadership, Security, Privacy, PCI, SystemAdministrators, Authentication, Passwords, PasswordComplexity, Captcha

Password123! - Why Does Authentication Have to Be So Hard?

Password complexity and authentication have always been a subject of contention both for users and system administrators. Many assume that forcing users to create more complex passwords, and changing them frequently, will lead to greater system safety - in theory this may be true. Given human nature, things rarely go as planned and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.

By Security Consulting Team on Sep 13, 2018 11:28:04 AM