If someone asked you “are you protecting your data,” your initial response would probably be to clarify what they are referring to specifically, since the question is so broadly stated. You could just reply with a terse “Yes,” but that is as open-ended and nebulous as the question. The general idea of data protection encompasses so many areas, from the amount of data that is being stored, to the methods of securing it all.

We have officially entered the 12-month countdown to the enactment of the new Payment Card Industry Data Security Standard (PCI DSS). The new version, 4.0, set to go into effect on April 1, 2024, contains some interesting and notable changes. Is your organization ready to meet the new requirements? In this 6-part series, we spoke with specialists who help to break down the changes to make your transition to the new Standard as easy as possible.

While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the processes you have in hand. Here’s how.

Since the onset of the pandemic in 2020, global concern for data security and privacy has skyrocketed like a dazzling display of fireworks on New Year’s Eve. With an ever-increasing number of people utilizing online services and sharing their personal information on websites to engage in e-commerce transactions, the infrastructure for collecting and safeguarding consumer data has become of paramount importance.

PCI DSS compliance is mandatory for all entities processing cardholder data, including your third-party vendors. Security reports provide a window into a vendor’s information security program, uncovering their security controls strategy and its alignment with regulations like the PCI DSS. The following template will give you a high-level understanding of each vendor’s degree of compliance with PCI DSS and uncover potential compliance gaps requiring deeper investigation.

In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0.

For many companies, a business credit card is part of the organization’s lifeblood. As such access to it must be vigilantly maintained. One potential area of risk is employees sharing credit card details in collaborative SaaS applications like Slack, where these details are at significant risk of being exposed to unauthorized parties.

As a risk-based response to the continuous, and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants, and 21 for third-party service providers (TPSPs)

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.