A new version of PCI DSS is now available. With it come major changes for service providers and merchants in how to protect cardholder data.
Are you a “service provider” as defined by PCI DSS? Do the changes affect you or your IT clients? Find out in this post.
Did you think you crossed the PCI DSS finish line? Unfortunately, the rules have changed. Only a few months after the Jan. 1 deadline to comply with PCI DSS 3.0, the PCI Council released a new version and said it was effective immediately.
In this post, see the changes in the new PCI DSS 3.1. You’ll see the requirements most affected by the update and why you may need a “risk mitigation and migration” plan to stay compliant.
PCI compliance is rising across the industry, but did you know that four out of five organizations that achieve compliance fail an assessment less than a year later? That finding and more comes from Verizon’s 2015 PCI Compliance Report.
In this post, see which PCI requirements are most correlated with having a data breach. You’ll also see why we expect a rise in card-not-present fraud and why maintaining compliance is so difficult.
The deadline to comply with PCI DSS 3.0 passed on Jan. 1. But even if it were pushed back until June, many merchants would still be struggling to comply with the older 2.0 rules.
See highlights of a sneak preview of Verizon's 2015 compliance report. You'll see how many merchants maintain compliance after they are verified (fewer than you think) and the two most problematic areas they struggle with.
Think banks want you to comply with PCI DSS security? Think again.
See the 3 reasons why banks don't want small merchants like you to comply with the rules.