Thread: PCI DSS

  1. #1
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,410

    PCI DSS

    Some more work for somebody:

    On January 31, a new PCI provision went into effect that requires Level 4 merchants to submit a Self-Assessment Questionnaire (SAQ) to their issuing banks. Previously, Level 4 merchants, which are defined as processing 20,000 or fewer ecommerce transactions or 1 million total transactions, were exempt from the SAQ requirement. Companies processing more transactions, defined as Level 1 merchants, have even stricter requirements, including annual audits of computer systems and quarterly network scans.

    Even so, the SAQ can institute a considerable burden on IT departments that are already cut to the bone. “The Self-Assessment Questionnaire can be up to 500+ questions and take months to complete,” says Ira Chandler, CTO for Curbstone Corp., a provider of IBM i payment software. “And, an officer of the Company has to sign an Attestation of Compliance in blood that the SAQ is accurate,” he adds, with some exaggeration.

    Visa, the credit card company behind PCI, says small companies are being targeted by cybercriminals. “Based on recent forensic investigations, small merchants remain a target of hackers attempting to compromise payment data,” the company says in a January 2016 security bulletin (pdf). “Additionally, investigators have identified links between improperly installed POS applications and merchant payment data environment breaches.”

    Level 4 merchants – which includes any company processing credit card transactions for any reason, not just retailers – faced other PCI changes starting January 31, 2017, including the requirements that they work only with POS application and terminal resellers and integrators who are PCI-certified under its Qualified Integrators and Reseller (QIR) program.

    “Using organizations that have completed the PCI SSC QIR training program helps improve security by ensuring that payment applications and terminals are installed and integrated in a manner that mitigates payment data breaches and facilitates a merchant’s PCI DSS compliance,” Visa states in the security brief.
    https://www.itjungle.com/2017/03/08/...-just-changed/

  2. #2
    Master Untangler Kyawa's Avatar
    Join Date
    Dec 2016
    Location
    Maryland
    Posts
    199

    I'm not sure this is new. My customers are Level 4 and we've been doing the SAQ and scans for years. Here's a link from 2015.

    http://searchsecurity.techtarget.com...erchant-levels

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,267

    Yeah, I've been filling out that questionnaire for ages. It's annoying because it's IT, but not...
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,410

    Yes, I have minimized the SAQ in the past by keeping the credit card terminals off of the network, and connected by POTS lines. But it did exist.

    Don't miss this part:
    other PCI changes starting January 31, 2017, including the requirements that they work only with POS application and terminal resellers and integrators who are PCI-certified under its Qualified Integrators and Reseller (QIR) program.
    Verify QIR

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,267

    Oh yay another certification to ignore, I'll put it next to my nonexistent A+.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
