thePCI Portal

Does requirement 6.4.3 mean that a merchant who uses an iframe so that their payment service provider collects the payment information have to implement a method to ensure the integrity of scripts on their web page?

Did you come here looking for an answer to this question?  If so, YOU ARE IN LUCK.  We have lots of answers to this question.  I am sure you can find one that fits your requirements.   NOTE:  all of the answers below are real.  QSACs really said these things (not just a QSA, but…

What is a “payment page”?

What is a “payment page”? A simple question?  Maybe not. I think a layperson would say that its the webpage where you input your payment details.  A merchant completing an SAQ-A compliance assessment might disagree.  Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…

What is your favourite PCI DSS requirement?

For me, 6.1 and its brethren 6.2.  Knowing about vulnerabilities and doing something about them! As a QSA, I always knew of a big critical vulnerability in each platform I assessed.  A biggie.  The worse the better. I poured over samples seeking unpatched devices.  Every demo session I would be jotting version numbers down continually…

Preparing for reopening

Below is guidance from manufacturers and resellers on how to clean and sanitize your point of interaction (POI) devices.  “Wet” covers that are more easily cleaned may seem like a great idea, but everyone else has the same idea and you will find the products backlogged at the moment.   Poster for how to clean…