by Gerdien van den Bosch | Apr 26, 2022 | Compliance, PCI DSS
For the last few years, we have witnessed how the paradigm has been changing in the use and implementation of payment services. Which must keep aligned to security standards. As security consultants and auditors, we have followed these new concepts and had been...
by Gerdien van den Bosch | Mar 8, 2021 | Compliance, PCI DSS
PCI DSS Compliance comes in multiple parts. For some, the hardest part might seem to be the road to compliance, but in fact, we see many organizations struggling with remaining compliant: PCI DSS is not a single-use task that is done at a certain date but requires...
by Gerdien van den Bosch | Dec 10, 2019 | Compliance, PCI DSS
PCI DSS has incorporated new requirements in the latest version 3.2.1. Within the new requirements for service providers, there is one of the requirements (3.5.1) which requires maintaining the documented cryptographic architecture where the algorithms, protocols and...
by Gerdien van den Bosch | Nov 18, 2019 | Compliance, PCI DSS
Many merchants and service providers choose the path of self-validating. They perform all validation steps themselves and record their progress in the Self-Assessment Questionnaires (SAQ) and report their status in the Attestation of Compliance. A PCI Compliance...
by Gerdien van den Bosch | Oct 29, 2019 | Compliance, PCI DSS
Getting compliant to PCI DSS is not an easy task. It requires dedication, some inspiration and certainly a lot of perspiration. During the annual assessment, we witness the many hours of work spent by various teams in order to achieve or maintain compliance. But we...
by Gerdien van den Bosch | Oct 1, 2019 | Compliance, PCI DSS
We still have clients ask us this question from time to time. Unfortunately, simply encrypting Cardholder data (CHD) doesn’t necessarily de-scope it. Under most circumstances, if encrypted CHD is stored, processed or transmitted it will still be in the scope of PCI...
