How safe is it to take card payments over the phone?

Most of us are so comfortable making payments over the Internet that we barely think twice about the security implications. But the same can’t be said of transactions made over the phone. Why is that? They’re both card-not-present payments, and you’re essentially doing the same thing: providing your card details to an organisation. The only difference is that, over the telephone, you speak to …

IT Governance Europe announces new PCI DSS training courses

The PCI DSS (Payment Card Industry Data Security Standard) is administered by the PCI SSC (Security Standards Council) to help prevent payment card fraud and strengthen payment card data security. All organisations that accept, store, transmit or process cardholder data must comply. When implemented correctly, the PCI DSS helps organisations secure …

Have you met the PCI SSC’s new QSA requirements?

As of 2019, the qualification requirements for QSAs (Qualified Security Assessors) have become much tougher. Assessors must now gain an information security and an IT audit certificate. Under the previous rules, QSAs were only required to hold one of those qualifications. The rule change took effect on 1 January 2019 for new QSAs. Those who were already qualified have until 1 July 2019 to gain …

Preparing for a PCI audit

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is demonstrated by an audit of the cardholder data environment (CDE). The type of audit depends on the compliance requirements of the payment brand and the level of the merchant/service provider as defined by that brand. Level 1 merchants must have an external audit performed by a Qualified Security Assessor (QSA) and …