By:
ERIC SAMPSON
December 10th, 2014
The PCI Security Standards Council (SSC) recently published an information supplement on third-party security assurance that provides a set of guidelines for understanding how to manage third-party service provider (TPSP) relationships and PCI DSS compliance requirements. The guidance applies to entities who use or are considering the use of TPSPs and to the TPSPs themselves, who have access to, or can impact the security of cardholder data (CHD) or the cardholder data environment (CDE). The SSC defines an entity as any organization that has the responsibility to protect card data and may leverage a TPSP to support them in card-processing activities or to secure card data.
By:
ERIC SAMPSON
October 3rd, 2014
The media has been filled with stories of high profile credit card breaches, including those from Target, Neiman Marcus, P.F. Chang’s and most recently Home Depot. Details on the Home Depot breach are still emerging, but the details around the Target and Neiman Marcus breaches are well known and causing the public to ask if it will happen again?
Cloud Computing | Payment Card Assessments
By:
Douglas Barbin
April 11th, 2013
By Eric Sampson and Doug Barbin In a previous article, we provided a summary of the key components of the PCI DSS Cloud Computing Guidelines (“cloud supplement”). That article focused on roles, responsibilities, agreements, and audit considerations. This article speaks more to the technical considerations.
Cloud Computing | Payment Card Assessments
By:
Douglas Barbin
April 4th, 2013
By Eric Sampson and Doug Barbin