Mary Fleming
Bio
I'm an experienced consultant skilled in Payment Card Industry Data Security Standard (PCI DSS). Strong consulting professional with a Master of Science (MSc) focused in Information Management and Security.
Stories (8/0)
PCI DSS v4 – Changes at a Glance
After a considerable wait, the Payment Card Industry Security Standards Council (PCI SSC) released the latest version of the PCI Data Security Standard (PCI DSS) on March 31, 2022, to surprisingly little attention. This release marks a significant update in the realm of PCI DSS compliance, as it has been four years since the last minor update (v3.2.1) and nearly nine years since the last major update (v3.0). Considering the ever-evolving risks, security landscape, and technological advancements, many argue that this new release was long overdue. Now, let's explore the key changes related to PCI DSS compliance and understand why this update is classified as a major one.
By Mary Fleming, 7 months ago, in Education
What Are the Service Provider Levels
In this blog, we shift our focus to service providers and their role in PCI compliance. According to the PCI Security Standards Council, a service provider is defined as a business entity that is not a payment brand but is directly involved in processing, storing, or transmitting cardholder data. This definition also includes companies whose services have the potential to impact the security of cardholder data. It's important to note that a payment processor is indeed considered a service provider. Other examples include managed service providers (MSPs) offering managed network devices such as firewalls and IDS, as well as organizations that process payments on behalf of others, such as fundraising services.
By Mary Fleming, 8 months ago, in Education
Top 5 common pitfalls of PCI DSS compliance
As a company certified as a Payment Card Industry Qualified Security Assessor (PCI QSA), we frequently receive inquiries from organizations that handle card payments regarding the key challenges to be mindful of when striving to achieve compliance with PCI DSS, the Payment Card Industry Data Security Standard. To assist you, we have compiled a list of the most significant pitfalls to avoid if your organization aims to achieve or uphold compliance with this Standard. Here are our top five (5) recommendations to consider.
By Mary Fleming, 9 months ago, in Education
PCI Policies, Procedures and Evidence
Documentation and compliance evidence pose a challenge for IT and security departments, but they are crucial for satisfying PCI DSS requirements, satisfying PCI Qualified Security Assessors (QSAs), and ensuring a successful PCI compliance audit. The effectiveness of a PCI DSS compliance program relies heavily on accurately and consistently recording events, as well as adhering to well-defined policies and procedures.
By Mary Fleming, 9 months ago, in Education
PCI DSS: Pros and Cons of Outsourcing
In this blog, we delve into one of the prominent dilemmas confronting organizations that accept payment cards and seek to comply with the Payment Card Industry Data Security Standard (PCI DSS). The question at hand is whether to outsource the storage, processing, and transmission of cardholder data (CHD) in order to achieve PCI DSS compliance. We will explore the advantages and disadvantages of outsourcing in order to provide a comprehensive perspective on the matter.
By Mary Fleming, 10 months ago, in Education
5 Ways to Reduce Your PCI DSS Scope
The applicability of the Payment Card Industry Data Security Standard (PCI DSS) poses challenges for most organizations that implement it. Even experienced PCI DSS compliant entities can encounter scope creep as their networks evolve.
By Mary Fleming, 10 months ago, in Education
PCI DSS v4.0 and Multi-Factor Authentication
With the introduction of version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS), there has been a significant increase in the adoption of multi-factor authentication (MFA) to ensure PCI compliance. In this blog, we will explore the reasons behind the greater utilization of MFA and outline the key changes in requirements. Before delving into these aspects, let's start with the basics and define MFA. It is a process that requires users to provide two or more independent authentication factors to gain access to a system, account, or application, which is essential for maintaining PCI compliance. The most common form of MFA is based on the principle of "something you know" and "something you have." Many people are familiar with the two-step process of entering a password and then verifying their identity by submitting a one-time code received on their personal mobile device. The purpose of MFA is to enhance the security of user accounts by adding additional layers of authentication, making it more challenging for attackers to compromise them and ensuring compliance with PCI standards.
By Mary Fleming, 11 months ago, in Education