Did you come here looking for an answer to this question? If so, YOU ARE IN LUCK. We have lots of answers to this question. I am sure you can find one that fits your requirements. NOTE: all of the answers below are real. QSACs really said these things (not just a QSA, but…
What is a “payment page”? A simple question? Maybe not. I think a layperson would say that its the webpage where you input your payment details. A merchant completing an SAQ-A compliance assessment might disagree. Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…
Can’t find the “Whats New in PCIV4.0” training? You are not alone. It is well hidden! Head over to the council’s portal at https://programs.pcissc.org Login! (bet you have to change your password again, lol!) Find RESOURCE CENTER in the big list in the middle Put DSS in the search box and press ENTER Collapse the…
Should part 4 of an AOC be left blank? A slightly controversial topic among the PCI-pedantic such as myself. And nothing in the FAQ on the topic 🙁 A quick survey of AOCs by 9 different QSACs shows a split of 6 check YES and 3 leave it BLANK. A discussion among PCI professionals shows…
For me, 6.1 and its brethren 6.2. Knowing about vulnerabilities and doing something about them! As a QSA, I always knew of a big critical vulnerability in each platform I assessed. A biggie. The worse the better. I poured over samples seeking unpatched devices. Every demo session I would be jotting version numbers down continually…
So you are wondering why you can not find the latest PCI DSS v4 version to participate in the RFC? You meet the criteria as a PO, QSA or ASV, but the document is nowhere to be found in the other PCI portal. Its because access to the RFC is restricted to your organizations’ primary contact. …
What makes a user account “inactive”? I think most QSAs would say “any account not used with in 90 days”. I think these QSAs would also say that the PCI DSS (v3.2.1) actually defines an inactive account as one that has not been used within 90 days. But maybe this definition is from the Mandela…
ASV Program Guide v3.1 (July 2018) 5.5 ASV Scan Scope Definition For the purpose of ASV scanning, the PCI DSS requires quarterly vulnerability scanning of all externally accessible (Internet-facing) system components owned or utilized by the scan customer that are part of the cardholder data environment (CDE), as well as any externally facing system component…
Below is guidance from manufacturers and resellers on how to clean and sanitize your point of interaction (POI) devices. “Wet” covers that are more easily cleaned may seem like a great idea, but everyone else has the same idea and you will find the products backlogged at the moment. Poster for how to clean…
COVID-19 impact on your service provider listing at Visa Visa’s Global list of service providers (here) is a listing of PCI DSS Validated Service Providers and participants in Visa programs (such as Visa Third Party Agent (TPA) Program, etc) who are registered with Visa. The Registry is updated once a month. For service providers published…
