Blog

If you're an e-commerce merchant using an iframe or redirect for payment processing, recent updates to the PCI DSS SAQ A may impact how you maintain compliance. While these changes simplify requirements, a new eligibility rule has been introduced that could affect your compliance status. Here’s what you need to know.

For e-commerce merchants, navigating PCI compliance can be complex, especially when it comes to determining eligibility for Self-Assessment Questionnaire A (SAQ A). If you're unsure whether your business qualifies or what completing the SAQ entails, this guide will help clarify key requirements, recent updates, and potential consequences of non-compliance.

Hi, I'm Matt Crane. I'm a leader in the Payment Security Practice, and today we're going to tackle what exactly cardholder data is because the PCI Council has introduced a new term in PCI DSS v4.0. But first, let's talk about PCI DSS v3.2.1, because--similar to the dinosaurs on my shirt in this video--some of the terminology in v3.2.1 is now extinct, as this version was officially retired on March 31, 2024.

We've received a lot of questions recently about the new access control requirements and PCI DSS version 4. Today, we're going to review those and hopefully we can answer your questions.

In the realm of data security and compliance, one term that frequently arises is "scope." It's a pivotal concept, particularly within the context of the Payment Card Industry Data Security Standard (PCI DSS). In this video, Senior Manager Sully Perella discusses what's in scope for PCI DSS compliance and how your organization may have compliance implications even if you don't directly handle cardholder data.