Combining SOC 2 and PCI Audits

by Sarah Harvey / April 12, 2023

We get a lot of questions about SOC 2 and PCI audits. Should your company do both? Are you able to consolidate multiple audits into one project? KirkpatrickPrice has developed the Online Audit Manager to make it easier to combine multiple audits into one project. Let’s talk through why and how you would take on the project of a combined SOC 2 and PCI audit. What are SOC 2 and…

Most Common PCI Gaps

by Sarah Harvey / June 13, 2023

In the payment card industry, our auditors come across the same vulnerabilities and gaps time and time again across different organizations. Even for a retailer as big as Macy's, security gaps showed up in full force when their payment card systems were breached in 2018. Did Macy's security team take the time to mitigate the most common PCI gaps? Could they have saved millions of dollars by implementing…

4 Reasons to Start a PCI Audit Right Now

by Sarah Harvey / June 14, 2023

Let's face it: our society is becoming more reliant on cashless payment systems, from payment cards to contactless pay. With this digital focus, the security of cardholder data is top of mind to consumers. In fact, according to Pew Research Center, “41% of Americans have encountered fraudulent charges on their credit cards.” If your business cannot prove that your services are secure, why would consumers choose to do business with…

Guide to PCI Policy Requirements

by Sarah Harvey / April 12, 2023

Introduction to the 12 PCI Requirements The purpose of the PCI DSS is to ensure that all of the data that lives within the cardholder data environment (CDE) is protected and secured from theft or unauthorized use. If you are a merchant, service provider, or subservice provider who stores, processes, or transmits cardholder data, you are required to comply with the PCI DSS, but doing so may seem daunting. Why?…

How Do I Find a QSA For My PCI Audit?

by Sarah Harvey / June 14, 2023

Are you a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data? Going through a PCI audit for the first time? Your organization will need an individual who can help you maintain PCI compliance and provide you with a high-quality PCI audit. Who can do that? A Qualified Security Assessor (QSA). In fact, a QSA is the only individual who can deliver a PCI RoC for…