thePCI Portal

Category: V4.0

What is a “payment page”?

What is a “payment page”? A simple question?  Maybe not. I think a layperson would say that its the webpage where you input your payment details.  A merchant completing an SAQ-A compliance assessment might disagree.  Merchants load these pages with scripts to enable marketing analytics, conversion trackers and chatbots to increase conversion and help consumers complete…

eye on PCI v4

full speed ahead on PCI v4

August 25 2020: The council is still analyzing feedback from previous RFC (plan is to comment on all feedback).  Council is preparing the next RFC while updating supporting documents (glossary, prioritized approach, SAQs, etc) and training.   An extended transition period is planned. 3.2.1 to be retired 2 years AFTER the release of v4.0.  Future…

The upcoming revision to the data security standard, version 4

The Council has a blog post about the upcoming revision to the data security standard, version 4. While talking about version 4, the council has specifically identified the following industry feedback related to the DSS: Authentication, specifically consideration for the NIST MFA/password guidance Broader applicability for encrypting cardholder data on trusted networks Monitoring requirements to…