Ask the Auditor: PCI DSS Requirements 1 & 2

by Sarah Harvey / June 13, 2023

Last month, in an exclusive online interview, we asked one of our very own Information Security Auditors, Barry Williams, some frequently asked questions about PCI Data Security Standard Requirements 1 and 2. With his specialized expertise, we were able to gain some clarity on the robust information security standard. Here are the highlights from the interview: Q: What are some of the serious consequences you have seen or heard about…

Top 4 Critical Components of a Call Monitoring Program

by Sarah Harvey / June 15, 2023

As the CFPB continues to closely supervise the collections environment, it’s important to analyze and fully understand the areas of risk. One of the biggest risks to a collection agency is communication with consumers, making the monitoring of calls a very telling practice. An effective call monitoring program is a critical component of any compliance management system, mandated by the CFPB, and is a way for organizations to be able…

Who’s responsible for what? Data flow dynamic of payment card security

by Sarah Harvey / December 16, 2022

Last month, the Electronic Transactions Association (ETA), a global association which represents those in the payments space, announced a partnership with the PCI Security Standards Council (PCI SSC). This partnership brought the two together at TRANSACT 15, ETA’s annual conference, to present the industry with the most recent PCI DSS updates as well as focus the payments community on data breach prevention and payments…

PCI Readiness Series: PCI Requirements 1 and 2

by KirkpatrickPrice / April 12, 2023

Are you a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data? If so, this is a great place to be introduced to the PCI DSS. The PCI Security Standards Council is a third-party organization that was developed for the sole purpose of managing the security of cardholder data. Prior to the PCI Security Standards Council, each payment card brand managed their own security standards. Eventually, the payment…

5 Deadly Compliance Mistakes

by Sarah Harvey / December 16, 2022

1. Compliant ≠ Secure: One of the most troubling mindsets within an organization is “I’m compliant, ergo I’m secure.” While compliance may be a good place to begin your “quest for security”, unless you look at your environment from a risk-based approach, and manage your environment based on the results of your risk analysis, you may be unpleasantly surprised when an outsider exploits a vulnerability found in your infrastructure. Simply…