Posts Tagged ‘PCI Compliance’

At a glance The main takeaway: PCI SSC has issued a 360-page supplemental Requirements and Testing Procedures document. This document provides QSAs extensive clarification and guidance to enhance validation methods and procedures for PCI DSS compliance reporting. Impact on your business: The PCI 4.0 Requirements and Testing Procedure document provides detailed guidance and explanations of…

At a glance The main takeaway: Historically, PCI has been viewed as a point-in-time compliance standard and this explains why many entities have not established capabilities to treat PCI security as a continuous 24×365 process. PCI 4.0 establishes new requirements across the data security standard for security to be managed as a continuous process. Impact…

At a glance The main takeaway: PCI 4.0 provides two validation options for compliance with the DSS. The first is the Defined Approach, which is similar to PCI’s historic approach. The second validation option, or Customized Approach, requires entities to conduct targeted risk analysis, define and then deploy controls against each PCI requirement. Impact on…

At a glance The main takeaway: Since PCI DSS 3.2.1 was released in February of 2018, many significant advancements have occurred in both the technologies used to enable payments and the nature of security threats facing the industry. These advancements have driven the four overarching goals of version 4.0. This video outlines the first goal…