What is a “payment page”? A simple question? Maybe not. I think a layperson would say that its the webpage where you input your payment details. A merchant completing an SAQ-A compliance assessment might disagree. Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…
Category: 4.0
4.0, PCI DSS
Can’t find the “Whats New in PCI V4.0” training?
by Ed • • 0 Comments
Can’t find the “Whats New in PCIV4.0” training? You are not alone. It is well hidden! Head over to the council’s portal at https://programs.pcissc.org Login! (bet you have to change your password again, lol!) Find RESOURCE CENTER in the big list in the middle Put DSS in the search box and press ENTER Collapse the…
4.0, PCI DSS, PCI SSC, QSA, Uncategorized, V4.0
Why cant I find PCI DSS v4 draft anywhere?
by Ed • • 0 Comments
So you are wondering why you can not find the latest PCI DSS v4 version to participate in the RFC? You meet the criteria as a PO, QSA or ASV, but the document is nowhere to be found in the other PCI portal. Its because access to the RFC is restricted to your organizations’ primary contact. …
4.0, PCI DSS, PCI Version, Security Testing, V3.2.1
Functionality testing to verify that the change does not adversely impact the security of the system
by Ed • • 0 Comments
What are Assessor’s thoughts on requirement 6.4.5.3? 6.4.5.3 Functionality testing to verify that the change does not adversely impact the security of the system. 6.4.5.3.a For each sampled change, verify that functionality testing is performed to verify that the change does not adversely impact the security of the system. Thorough testing should be performed to…
4.0, Assessments, ASV, PCI DSS, SAQ A, V3.1, V3.2.1, Vulnerability Management
Does an SAQ-A merchant need ASV scans?
by Ed • • 0 Comments
UPDATED FOR V4! If a merchant is eligible to complete a SAQ-A to report on the results of their compliance assessment, are they required to engage an ASV (approved scanning vendor) to complete external vulnerability scans? YES! V4 clearly includes PCI DSS requirement 11.3.2! (Note the new V4 numbering) Self-Assessment Questionnaire A and Attestation of…
