The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Payment Card Assessments

By: Salvatore Butera
December 10th, 2024

Across the current digital economy, more and more are going passwordless—with tech conglomerates like Apple, Microsoft, and Google leading the way, organizations are pivoting to other cybersecurity solutions to better secure information and simplify workflows. But replacing passwords with alternatives successfully also means accounting for extended related factors—including those that could impact your PCI DSS compliance.

Payment Card Assessments

By: Sully Perella
November 7th, 2024

Scoping is a key first step in any compliance assessment, and those who have been through the process understand how vital—and how tricky—it can be. Scoping is particularly crucial in PCI DSS, as drawing your boundaries largely determines which requirements your organization must satisfy, and when you’re operating within a Zero Trust environment, things appear to get more complicated.

Payment Card Assessments

By: Sully Perella
October 2nd, 2024

Though so much attention has been placed on secure coding to mitigate cyber threats to software, another emerging area of focus is the “software supply chain,” or the “software bill of materials” (SBOM). Why? Because software security doesn’t just depend on secure coding: the individual components of the software, or the SBOM, are equally critical.

Payment Card Assessments | PCI DSS

By: Phil Dorczuk
September 9th, 2024

Historically, PCI DSS has treated most service accounts as shared administrator accounts that had to be authorized with specific privileges using strong authentication factors. But now, version 4.0 of the PCI DSS has greatly expanded the scope of authentication and authorization requirements—while you’ll still need to secure those administrator accounts, you’ll now also need to implement controls to protect any application and service accounts in your environment.

Payment Card Assessments | PCI DSS

By: Jeff Lasker
July 30th, 2024

Since the sunsetting of PCI DSS v3.2.1 on March 31, 2024, PCI DSS v4.0 has become effective, as have some of its new requirements (though future-dated requirements will be effective March 31, 2025). While v4.0 has introduced some major changes in various areas, for service providers multiple new requirements are now effective, including some that carry additional nuance for colocation providers in particular, as well as some that are future-dated.

Payment Card Assessments | SWIFT

By: Jon Anderson
July 18th, 2024

For those financial institutions involved in international transactions, there is the matter of compliance with the security requirements set forth by the Society for Worldwide Interbank Financial Telecommunication (SWIFT), otherwise known as its Customer Security Programme (CSP), which aims to better secure the global financial community against cyber threats. One part of the Programme includes the SWIFT Customer Security Controls Framework (CSCF), which was updated in 2024 and now mandates controls around the protection of outsourced critical activity.

Payment Card Assessments | PCI DSS

By: Matt Crane
June 11th, 2024

As of June 11th, PCI DSS v4.0.1 was officially released. This update comes with several clarifications and adjustments to the previous version, ensuring more precise guidelines and addressing various implementation issues.

Payment Card Assessments | PCI DSS

By: Bill Soverns
May 21st, 2024

If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.
