Viewing posts for the category PCI DSS

Mastercard Requires QSA or ISA for Level 2 Merchants

The standard for handling credit card data is set by the PCI (Payment Card Industry) SSC (Security Standards Council). However, each card brand (Visa, Mastercard, AmEx, Discover and JCB) manages its own specific compliance program. Requirements for becoming compliant and reporting are set by each card brand. Even though each program's requirements are similar, there are slight variations in particular details of how they apply to different merchants.


PCI Frequently Asked Questions (FAQ)

The Payment Card Industry Security Standards Council (PCI SSC) is the regulating body established by the credit card brands to institute and enforce procedures which enhance the security of credit card transactions. All merchants and other organizations that transact business using credit cards are required to follow the procedures established by the PCI Council and verify the same. The overriding governing document of the Council is the PCI DSS (Data Security Standard).


PCI Task Calendar

PCI compliance comprises over 200 individual requirements. Many of the requirements in the PCI DSS must be maintained throughout the year and carried out on a recurring basis. To help your organization stay on top of PCI compliance and be prepared for the next PCI assessment, we have put together a list of key requirements and recurring tasks.


I Have Vulnerabilities On My LAN. So What?!

During the course of my penetration testing engagements (where I pretend I'm a malicious user and attempt to do naughty things on the network), I usually see or detect many vulnerabilities that are typically not found on the public internet. These vulnerabilities range from a small information disclosure (yawn) to full remote code execution (OH YES!) and of course everything in between. As a good security professional, my recommendations are to fix every single vulnerability found. This would exclude vulns that exist due to a specific business need, such as legacy systems or applications, or other legitimate reasons. When I suggest that we fix all of them, I often receive pushback from IT staff and sometimes even the stakeholders.


