Digital payments are, for the most part, the norm for commerce in the modern world. From swiping credit cards, tapping phones, or using credit card information in digital storefronts, a lot of payment information is moving through digital networks… and potentially insecure technologies. This is why credit card networks created the PCI DSS standard to govern security in the payments industry. 

PCI DSS governs these payment technologies, including developing and implementing payment tools at all customer touchpoints. This has led to the PCI DSS Secure Software Life Cycle (SLC) standard, a guideline designed to ensure that security is embedded right from the inception of software development.

Read More

So, after a long journey, we’ve arrived at the twelfth and final requirement for PCI DSS 4.0. Last but certainly not least, this requirement emphasizes the need for creating, documenting, and implementing organization-wide security and compliance policies. 

Read More

System security is one task of many in organizations focused on compliance, one that requires continuous monitoring and diligence to ensure its success. One of the more critical aspects of compliance requirements like PCI DSS 4.0 is ongoing testing of system and network components. 

What does that process look like for companies in the payment industry? It involves a combination of active and passive testing methods to document and follow up on unauthorized changes. 

Read More