Matt Crane is a Director at Schellman, where he excels in project management and client relations while overseeing assessments against various PCI Standards. With a primary focus on PCI DSS Compliance for organizations spanning diverse industries, Matt leverages a decade of expertise in information security services. Prior to joining Schellman in July 2017, Matt held key positions in both the private and public sectors, specializing in PCI and NIST assessments, as well as intelligence analysis. His extensive background includes leading PCI engagements, performing risk assessments, and general consulting services for merchants and service providers across multiple industry verticals. With an exceptional track record and a profound understanding of the industry, Matt Crane is a valuable asset to Schellman, ensuring clients receive unparalleled guidance in achieving their compliance goals. Matt holds a BBA in Information Security and Assurance as well as several industry certifications including CISSP, CISA, CRISC, QSA,
By:
Matt Crane
March 17th, 2025
If you're an e-commerce merchant using an iframe or redirect for payment processing, recent updates to the PCI DSS SAQ A may impact how you maintain compliance. While these changes simplify requirements, a new eligibility rule has been introduced that could affect your compliance status. Here’s what you need to know.
By:
Matt Crane
March 17th, 2025
For e-commerce merchants, navigating PCI compliance can be complex, especially when it comes to determining eligibility for Self-Assessment Questionnaire A (SAQ A). If you're unsure whether your business qualifies or what completing the SAQ entails, this guide will help clarify key requirements, recent updates, and potential consequences of non-compliance.
By:
Matt Crane
May 3rd, 2024
We've received a lot of questions recently about the new access control requirements and PCI DSS version 4. Today, we're going to review those and hopefully we can answer your questions.
By:
Matt Crane
October 26th, 2023
To address some of the past confusion regarding the dating of PCI reports, the PCI Security Standards Council (SSC) has altered the report date methodology for PCI DSS v4.0 to provide more clarity and consistency to this process.
By:
Matt Crane
March 31st, 2022
So you've probably heard about PCI DSS v.4 and you're asking yourself, "When can I expect the new release and what about the new requirements?" Schellman's Matt Crane provides an overview in this quick 2-minute video.