E-Commerce: Balancing Speed to Market and Payment Security

With COVID-19, we are seeing a shift from bricks and mortar to e-commerce, particularly in the retail sector – James Reynolds takes a look at what companies can do to ensure they are PCI compliant and online payments are protected. As companies look at how they will continue to trade during the pandemic, many are …

How will the Magento 1.x EOL affect PCI-DSS compliance?

In 2007, Magento was first released as a powerful and easy-to-use e-commerce platform that rapidly gained traction amongst online merchants. Magento won awards and was eventually sold by eBay to Adobe for $1.68B USD in 2018. Today, Magento powers 12% of all e-commerce sites worldwide, with about 239,000 active sites using Magento 1.x. …

Apply Critical Thinking to Security and Compliance

Recently I came across a case where a company had encouraged their clients to apply for their services via a written form, which included fields for credit card information to pay for those services. The clients were encouraged to return the forms via email in a PDF format. The company in question was undergoing a PCI DSS …

COVID-19: A Changing Threat Landscape for Acquirers and Merchants

SecureTrust has been fielding a lot of feedback from our acquirer community regarding the changes and new challenges to their businesses resulting from the COVID-19 pandemic. The most urgent of these challenges is the sharp rise in attacks from criminal organizations taking advantage of business shutdowns. It is very important to maintain vigilance in cybersecurity …

Guidance for PCI Assessments During COVID-19

One of the challenges of information security and compliance is dealing with evolving requirements. The current COVID-19 pandemic has further added complexity to how we operate and maintain secure payment systems. Not only do we have technical and administrative controls to manage and maintain, but we also must address public health and safety concerns …

The PCI Charter

Experience time and again has shown that successful PCI DSS efforts, both internal self-assessments and external assessments, have a point person or team within the organization who drives for project completion and organizational compliance. A key stakeholder interaction between that point person or team, what we will call the project manager, and the overall project …