The public and private sectors have been increasingly under assault by hackers looking to take information–whether for espionage, blackmail, or profit. And while some of the past few years’ high-profile government and industrial attacks have been at the center of many cybersecurity stories, the reality is that hacks in the retail and consumer spaces have been incredibly impactful.

In fact, some of the largest data breaches have been due, in part, to a lack of compliance with PCI DSS standards… and this presents a major challenge for merchants and payment processors who want to protect their customers’ information. 

Here, we’ll cover three major security breaches related to PCI DSS compliance and what you can learn from them.

Read More

The good news? PCI DSS 4.0 is out, but the adoption schedule for the new standard is quite generous. The better news? The PCI Security Council has decided to implement a tiered approach to adoption. The first will finalize when the previous version (3.2.1) is officially retired in 2024. The second, known as the “future dated” requirements, will have an additional year. 

This article will cover the future-dated requirements from PCI DSS version 4.0.

Read More

A significant part of any security framework is the assessment. Different frameworks require different types of assessments, from self-managed diagnostics to extensive and annual third-party audits. PCI DSS is no different, requiring annual compliance validation for all relevant systems. 

The nature of these assessments may vary depending on the company and are beyond the scope of this article. For businesses that undergo full third-party audits, however, you may find your assessor performing a unique practice known as “sampling.” 

You may never even have to consider this practice if you’re not an auditor. But it does help to understand what assessors are looking at. 

Read More