PCI DSS

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of […]

Read More

Countdown to PCI DSS 3.0 : Lessons Learned from Early Adopters

As most of us know, the PCI DSS assessment effectively moved from version 2.0 to 3.0 at the beginning of 2014.  The new 3.0 version raises security standards to help organizations focus more on the actual payment security aspect rather than the compliance itself.  Having performed many PCI DSS 3.0 assessments this year, we want […]

Read More

Hacking The Holidays: Protect Your Credit Card Information

Unfortunately, the Grinch is not the only one out there wishing to steal Christmas.  While the holidays generally encompass a time of joy and giving, it can also bring with its share of troubles.  It is during these times that people will most often let their guard down.  In the search for the best deal, […]

Read More

Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance

By: Vincent Booker, Senior Consultant at A-LIGN Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance: What You Should Be Asking Based on the New Requirements and Guidance. Third-Party Security Assurance As companies expand their reliance on third-party services providers (“TPSP”s) to store, process, or transmit cardholder data (“CHD”) or manage components […]

Read More

How to Gain Efficiencies When Adding PCI DSS to Your SSAE 16 or SOC 2 Report

By: Lori Crooks, Managing Consultant at A-LIGN If you process, store or transmit credit card data and already have a SSAE 16 or SOC 2 report, you might be considering adding on a PCI DSS assessment – and it isn’t as painful as you may think! There are controls, such as physical security, logical access, […]

Read More

What Everyone Should Take Away from the Recent Retail Breaches

By: Gene Geiger, Partner of A-LIGN Recent Retail Breaches – What Should You Do When news of the Target breach was announced, in the middle of the holiday shopping season, it made headlines and re-kindled the debate on payment card data security and more specifically, the effectiveness of the PCI Data Security Standard (“PCI DSS”), which […]

Read More

Webinar: “Countdown to Compliance: What you need to know for PCI 3.0”

A-LIGN to present, “Countdown to Compliance: What you need to know for PCI 3.0” on Tuesday, December 10, 2013, from 2:00-3:00 pm EST. Gene Geiger, Director of A-LIGN Security and Compliance Services, will provide highlights of the changes in the standard from PCI DSS Version 2.0 to 3.0, the required implementation timeline and how organizations […]

Read More

PCI Data Security Standard Version 3.0 – Breakdown of Changes to Anticipate

By: Gene Geiger, Partner of A-LIGN Following the 36 month lifecycle the PCI Security Standards Council (“Council”) has established for the published standards, Version 3.0 of the PCI Data Security Standard is in the final stages before it will be released on November 7, 2013. Through several webinars and documents provided to stakeholders, the Council has […]

Read More

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service Providers (“CSP”) maintain PCI DSS compliant environments and also to […]

Read More

PCI Security Standards Council Releases New Information Supplement on Cloud Computing

  By: Gene Geiger, Partner of A-lign Security and Compliance Services In February the PCI Security Standards Council (the “Council”) released a new information supplement related to the application of the Payment Card Industry Data Security Standards (“PCI DSS”) requirements in the Cloud. The goal of the information supplement is to assist Merchants and Cloud Service […]

Read More