Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PCI

PCI DSS vs GDPR: A Comparison of Data Security Standards

Since the onset of the pandemic in 2020, global concern for data security and privacy has skyrocketed like a dazzling display of fireworks on New Year’s Eve. With an ever-increasing number of people utilizing online services and sharing their personal information on websites to engage in e-commerce transactions, the infrastructure for collecting and safeguarding consumer data has become of paramount importance.

Free PCI DSS Vendor Questionnaire Template (2023 Edition)

PCI DSS compliance is mandatory for all entities processing cardholder data, including your third-party vendors. Security reports provide a window into a vendor’s information security program, uncovering their security controls strategy and its alignment with regulations like the PCI DSS. The following template will give you a high-level understanding of each vendor’s degree of compliance with PCI DSS and uncover potential compliance gaps requiring deeper investigation.

PCI DSS Requirement 3 Summary of Changes from Version 3.2.1 to 4.0 Explained

Welcome to VISTA InfoSec! In this video, we’ll be discussing the exciting changes made to PCI DSS Requirement 3 from version 3.2.1 to version 4.0. The PCI Council has made three types of changes: evolving requirements, clarifications, and structure or format changes. Some of the major changes include advanced settings in reinforcing payment outlets, high multi-factor authentication features, and better compatibility with cloud and related IT infrastructure.

How to Prevent Credit Card Number Exposure in Slack for PCI Compliance

For many companies, a business credit card is part of the organization’s lifeblood. As such access to it must be vigilantly maintained. One potential area of risk is employees sharing credit card details in collaborative SaaS applications like Slack, where these details are at significant risk of being exposed to unauthorized parties.

Application Programming Interface (API) testing for PCI DSS compliance

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.

Explaining the PCI DSS Evolution & Transition Phase

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a standardized approach to address the issue.

Guidance on network and data flow diagrams for PCI DSS compliance

This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. PCI DSS requires that an “entity” have up to date cardholder data (CHD) flow and networking diagrams to show the networks that CHD travels over.