Did you come here looking for an answer to this question? If so, YOU ARE IN LUCK. We have lots of answers to this question. I am sure you can find one that fits your requirements. NOTE: all of the answers below are real. QSACs really said these things (not just a QSA, but…
What is a “payment page”? A simple question? Maybe not. I think a layperson would say that its the webpage where you input your payment details. A merchant completing an SAQ-A compliance assessment might disagree. Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…
Can’t find the “Whats New in PCIV4.0” training? You are not alone. It is well hidden! Head over to the council’s portal at https://programs.pcissc.org Login! (bet you have to change your password again, lol!) Find RESOURCE CENTER in the big list in the middle Put DSS in the search box and press ENTER Collapse the…
So you are wondering why you can not find the latest PCI DSS v4 version to participate in the RFC? You meet the criteria as a PO, QSA or ASV, but the document is nowhere to be found in the other PCI portal. Its because access to the RFC is restricted to your organizations’ primary contact. …
What are Assessor’s thoughts on requirement 6.4.5.3? 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. 6.4.5.3.a For each sampled change, verify that functionality testing is performed to verify that the change does not adversely impact the security of the system. Thorough testing should be performed to…
UPDATED FOR V4! If a merchant is eligible to complete a SAQ-A to report on the results of their compliance assessment, are they required to engage an ASV (approved scanning vendor) to complete external vulnerability scans? YES! V4 clearly includes PCI DSS requirement 11.3.2! (Note the new V4 numbering) Self-Assessment Questionnaire A and Attestation of…
