thePCI Portal

What is a “payment page”?

What is a “payment page”? A simple question? Maybe not. I think a layperson would say that it's the webpage where you input your payment details. A merchant completing an SAQ-A compliance assessment might disagree. Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…

What is your favourite PCI DSS requirement?

For me, 6.1 and its brethren 6.2. Knowing about vulnerabilities and doing something about them! As a QSA, I always knew of a big critical vulnerability in each platform I assessed. A biggie. The worse the better. I pored over samples seeking unpatched devices. Every demo session I would be jotting version numbers down continually…

Preparing for reopening

Below is guidance from manufacturers and resellers on how to clean and sanitize your point of interaction (POI) devices. “Wet” covers that are more easily cleaned may seem like a great idea, but everyone else has the same idea and you will find the products backlogged at the moment. Poster for how to clean…

COVID and Compliance (April 27, 2020)

Compliance assessment activities and regular compliance activities (e.g. penetration tests, employee training, etc.) may be disrupted during COVID. Retail locations may be closed, staff may be unavailable. Obviously human safety trumps any PCI DSS compliance concerns. Merchants and QSAs do have questions about compliance in COVID times. We are still waiting to hear from the acquirers…