What is a “payment page”? A simple question? Maybe not. I think a layperson would say that its the webpage where you input your payment details. A merchant completing an SAQ-A compliance assessment might disagree. Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…
Category: V4.0
4.0, PCI DSS, PCI SSC, QSA, Uncategorized, V4.0
Why cant I find PCI DSS v4 draft anywhere?
by Ed • • 0 Comments
So you are wondering why you can not find the latest PCI DSS v4 version to participate in the RFC? You meet the criteria as a PO, QSA or ASV, but the document is nowhere to be found in the other PCI portal. Its because access to the RFC is restricted to your organizations’ primary contact. …
Community Meeting, PCI DSS, V4.0
eye on PCI v4
by Ed • • 0 Comments
August 25 2020: The council is still analyzing feedback from previous RFC (plan is to comment on all feedback). Council is preparing the next RFC while updating supporting documents (glossary, prioritized approach, SAQs, etc) and training. An extended transition period is planned. 3.2.1 to be retired 2 years AFTER the release of v4.0. Future…
PCI DSS, PCI SSC, V4.0
The upcoming revision to the data security standard, version 4
by Ed • • 0 Comments
The Council has a blog post about the upcoming revision to the data security standard, version 4. While talking about version 4, the council has specifically identified the following industry feedback related to the DSS: Authentication, specifically consideration for the NIST MFA/password guidance Broader applicability for encrypting cardholder data on trusted networks Monitoring requirements to…
