PCI 4.0: What are the changes for Cloud computing?
Cloud computing has become an increasingly popular technology in recent years, and it has been evolving rapidly. With the release of PCI 4.0, the Payment Card Industry Data Security Standard (PCI DSS) has been updated to reflect the changing landscape of cloud...
New in PCI DSS version 4.0: Authenticated Scans
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of security standards that were established to ensure the safety and security of customers’ financial information. With the recent release of PCI DSS version 4.0, organizations must now use the...
The new PCI DSS version 4.0 is out: What to expect?
For the last few years, we have witnessed how the paradigm has been changing in the use and implementation of payment services, which must stay aligned with security standards. As security consultants and auditors, we have followed these new concepts and had been...
Penetration Testing vs. Red Teaming: What’s the Difference?
When it comes to keeping your organization off the radar of cyberattacks, there are two types of cybersecurity tests that are recommended: penetration testing and red teaming. They are often used interchangeably, although they are two different things. So, how do you...
What is a PCI Segmentation Test?
The act of dividing a computer network into subnets is known as network segmentation. Network segmentation, when done correctly, improves network security and performance. Although network segmentation is not required by PCI DSS, it is strongly recommended. Network...
Are emailed credit card numbers in scope for PCI compliance?
Companies occasionally get sensitive credit card information (all information required to complete a purchase) via email or by telephone. As QSAs, we believe this is a security risk or, at the very least, poor practice and that it should be top of mind. All...