thePCI Portal

Category: Assessments

Does a Merchant or Service Provider HAVE to use a PCI Compliant Service Provider (or can that Service Provider be non-compliant)?

I think that everyone would agree that the a service provider does not necessarily have to be independently “assessed” as PCI DSS compliant.  They could also be assessed as part of the assessed entity’s assessment.  But do they need to be “assessed” or “compliant” at all? I think its a risk based decision that depends on…

PCI DSS compliance for Service Providers

There are 4 generally accepted levels of PCI compliance assessment for a service provider, in ascending order of Service Provider effort:   Compliance Assessment Method Completion and signing Info Annual Service Provider relative effort Annual QSA effort Service provider assessed as part of (each) client’s assessment None May require onsite visit. Hours/days Client’s QSA:  Hours/days…

Supplementary validation for “designated” entities

Have you ever heard of the supplementary validation for designated entities (a.k.a DESV)? If not, you should be happy.  According to the Council’s FAQ for designated entities, “A Designated Entity is determined by an Acquirer or Payment Brand as an organization that requires additional validation to existing PCI DSS requirements. “ Organizations that view PCI…

Travel Agent PCI DSS Deadline June 1 2017 UPDATE! EXTENSION FROM IATA

The countdown is on for IATA Accredited Agents to be Payment Card Industry (PCI) Data Security Standard (DSS) compliant by June 1, 2017 IATA has issued the deadline to reduce the risks associated with payment card transactions and potential data breaches and made PCI DSS compliance a mandatory condition to obtain and retain accreditation as an…

SharePoint users rejoice

It seems like PCI Assessments and large SharePoint file repositories go hand in hand.  I am sure we have all learned a SharePoint trick or two like: How to open SharePoint sites in file explorer for easy file manipulation. Mapping a drive to a SharePoint site. Using Microsoft’s agent to synch a SharePoint site locally.…