Blog

It is amazing to see how many organizations take things for granted in their environment. In the video below, you can see a skimmer device installed in a retail location. The attendant was distracted for less than 20 seconds and the card skimming device...

PCI DSS: 12 Requirements to Protect Your Customer’s Credit Card Data

Traditionally, ill-intentioned criminals have targeted banking institutions to reap financial gain. In today’s digital age, the focus has shifted to merchants as the target for...

It can be extremely frustrating for a compliance team to realize that additional systems are in-scope. It means additional and unexpected security controls and validation. The most stressful time of year for PCI compliance staff, during an onsite...

Card Not Present Security Codes/Values are the 3 and 4 digit printed numbers on your payment cards used to verify card-not-present transactions. PCI DSS has been crystal clear for many years that payment Card Verification Codes/Values are Sensitive...

Payment card breaches concern customers and businesses alike. A recent epidemic of e-commerce breaches is focusing attention on what makes a website more or less secure than others. The old advice of looking for the “security lock” and the “green...

Last month we wrote this article about issues arising from the addition of new BIN ranges and the lack of clear guidance specifically with 16-digit PAN that have 8-digit BINs. Today, the PCI Council just updated FAQ#1091 "What are acceptable formats for...

New 8-digit Bank Identification Numbers (BIN) could complicate PCI truncation rules and create compliance headaches for those required to maintain compliance. Many organizations build their PCI compliance around DSS requirements and how they use...