Demonstrate your PCI DSS compliance by completing an SAQ

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). Compliance will be a lengthy process for some, but organisations that handle fewer than six million transactions annually can speed up the process by completing an SAQ (self-assessment questionnaire). There …

A compliance checklist for the 12 requirements of the PCI DSS

Any organisation that stores, processes or transmits payment card data must comply with the PCI DSS (Payment Card Industry Data Security Standard). The Standard contains 12 requirements, which we’ll run through in this blog along with an overview of the steps you should complete to meet each one.

1. Install and maintain a firewall configuration to protect cardholder data

Firewalls control …

How safe is it to take card payments over the phone?

Most of us are so comfortable making payments over the Internet that we barely think twice about the security implications. But the same can’t be said of transactions made over the phone. Why is that? They’re both card-not-present payments, and you’re essentially doing the same thing: providing your card details to an organisation. The only difference is that, over the telephone, you speak to …

How Ireland’s Credit Unions can meet their penetration testing requirements

Credit unions in Ireland are required to conduct a penetration test once a year, and send the results to the Central Bank of Ireland for review. According to a report published by the Bank last year, credit unions are getting better at doing this. But for those that are still unsure how to complete this process or simply want to get better at it, this blog explains everything you need to know …

What do SMEs need to do to comply with the PCI DSS?

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). The PCI DSS is a set of tools and measures to help you protect payment card data. It applies to all organisations that transmit, process or store such information, but SMEs (small and medium-sized organisations) …

IT Governance Europe announces new PCI DSS training courses

The PCI DSS (Payment Card Industry Data Security Standard) is administered by the PCI SSC (Security Standards Council) to help prevent payment card fraud and strengthen payment card data security. All organisations that accept, store, transmit or process cardholder data must comply. When implemented correctly, the PCI DSS helps organisations secure …

The 4 stages of cyber resilience

The cyber threat landscape has evolved rapidly in the past few years. Organisations are increasingly reliant on technology and more eager than ever to collect personal data, but without the resources to protect their systems, cyber crime has flourished. We’ve reached a point where there are so many crooks and potential vulnerabilities that it’s foolish to suggest that you can prevent breaches …

Have you met the PCI SSC’s new QSA requirements?

As of 2019, the qualification requirements for QSAs (Qualified Security Assessors) have become much tougher. Assessors must now gain an information security and an IT audit certificate. Under the previous rules, QSAs were only required to hold one of those qualifications. The rule change took effect on 1 January 2019 for new QSAs. Those who were already qualified have until 1 July 2019 to gain …

3 fundamental IT issues and how you can resolve them

Every organisation has its own unique challenges, but some issues are so fundamental to business operations that they are practically universal. This blog outlines three common problems, and offers a solution for understanding and tackling them.

1. Staff awareness

According to Leron Zinatullin, author of The Psychology of Information Security, one of the biggest problems …

No organisation is immune to cyber attacks

Hackers are becoming more skilled and sophisticated, and this is leaving Irish business owners and their systems extremely vulnerable and unable to protect themselves against cyber security threats. One of the most common tools a company can use to defend itself against hackers is a penetration test. During a penetration test, an ethical hacker utilises the same techniques as a criminal hacker …