PCI Compliance Levels: Know Your Level of PCI Compliance
Understanding the different PCI compliance levels is the first step to reducing the challenges they might bring to your organization.
The big ideas in data compliance: An overview of the 12 PCI DSS requirements
It’s hard to argue the role PCI compliance plays in today’s digital economy. Today, the framework introduced in the early 2000s outlines 12 PCI requirements that mer...
Tokenization and PCI Compliance: FAQs
The data security rules around payments can be puzzling to new and seasoned payments professionals alike. Moreover, while the Payment Card Industry Data Security St...
PCI 4.0 Updated Requirements: What This Means for Merchants
The Payment Card Industry Data Security Standard (PCI DSS) is the global standard for ensuring the secure handling of credit card data. It’s designed to protect card...
Meeting PCI Requirements for Encryption
The Payment Card Industry Data Security Standard (PCI DSS) outlines hundreds of requirements for storing, processing, and transmitting cardholder data. Any business...
PCI DSS Requirement 12: Maintain an Information Security Policy
As outlined in sub-requirements of the other 11 requirements, documenting expectations of the security posture of an organization is fundamental to the success of th...
PCI DSS Requirement 11: Test System & Network Security Regularly
System vulnerabilities can serve as an open door for attackers to walk right into secure systems and cause significant harm. The best prevention method is to consist...
PCI DSS Requirement 10: Track and Monitor Network Access
Logging mechanisms and tracked user activities are critical to preventing, detecting, or minimizing the impact of a data compromise. Implementing logs on all system ...
PCI DSS Requirement 9: Restrict Physical Access to Cardholder Data
While many organizations may prioritize the digital security measures needed to protect cardholder data, physical security shouldn’t be forgotten. All physical acc...
PCI DSS Requirement 8: Identify & Authenticate User Access to System Components
PCI DSS Requirement 8 provides detailed guidance on the two fundamental principles for identifying and authenticating users: establishing the identity of a person th...
PCI DSS Requirement 7: Restrict Cardholder Data Access
Assigning permissions carefully is one means of protecting sensitive account data by providing the minimum level of access necessary to perform an employee’s job.
PCI DSS Requirement 6: Develop and Maintain Secure Systems
PCI DSS Requirement 6 highlights the importance of installing security patches in order to protect systems from being accessed by anyone with malicious intentions. F...
PCI DSS Requirement 5: Protect All Systems and Networks from Malicious Software
Malicious software, also commonly known as malware, is any software or firmware specifically designed to cause damage to, or penetrate the security systems of, a com...
PCI DSS Requirement 4: Protect Cardholder Data During Transmission Over Public Networks
Vulnerabilities in legacy encryption and authentication protocols for wireless networks are often targeted by malicious individuals aiming to gain access to cardhold...
PCI DSS Requirement 3: Protect Stored Account Data
Public exposure of stored account and transaction data, either intentional or unintentional, can cause serious damage to a merchant. This is why the PCI SSC has crea...
PCI DSS Requirement 2: Securely Configure All System Components
Attackers often use default passwords and other vendor default settings to compromise systems. These passwords and settings are both well known and easily accessible...
PCI DSS Requirement 1: Install and Maintain Network Security Controls
Requirement 1 of the Payment Card Industry Data Security Standard (PCI DSS) is to “Install and Maintain Network Security Controls”. It is designed to help merchants ...
How to Select the Right PCI-Compliant Service Provider
Any entity involved in transacting credit card business has an obligation to comply with Payment Card Industry Data Security Standards (PCI DSS), which is a publishe...
What’s in PCI Scope vs. Out of Scope?
What is PCI-DSS and what does it mean to be in scope? PCI-DSS (the Payment Card Industry Data Security Standard) is an information security standard used by every en...
What You Should Know About PCI Violations
PCI-DSS is a detailed and complex security standard that any entity involved in credit card payments must adhere to. Broadly speaking, its purpose is to ensure that ...
What you should know about PCI-DSS automation
PCI-DSS (Payment Card Industry Data Security Standard) is an information security standard that must be adhered to by any organization whose involvement in the proce...
How to Collect Credit Cards Over the Phone Without Becoming PCI Compliant
Modern consumers often prefer to transact business digitally, but there are still times when they would rather speak to a live person. For many vendors this raises t...
Upcoming Changes in PCI DSS 4.0: What SaaS Platforms Need to Know
The Payment Card Industry Data Security Standard (PCI DSS) is the global standard for ensuring the secure handling of credit card data. It’s designed to protect card...
What is Sensitive Authentication Data?
Learn about sensitive authentication data (SAD), like CVV and CVC, how it works, and why you likely can’t store it.
How to reduce PCI DSS Scope: An overview
Understanding PCI scope is the first step to reducing it. Get the basics and learn how to reduce scope by as much as 93%.
What is a Card-on-File Transaction and what is it used for?
In this guide, we’ll review how card-on-file transactions work, examples of where they can be used, and benefits and drawbacks.
What are the PCI DSS’ ROC, SAQ, and AOC?
Everything you need to know about PCI DSS’ self-assessment questionnaires, Report on Compliance, and Attestation of Compliance.
Storing Credit Cards: Outsource a Solution, or Build?
Learn the core concepts, efforts, and trade-offs between building or buying a cardholder data environment (CDE).
How to Store Credit Cards: Building in-house
Get a high-level overview of the effort and trade-offs required to build your own cardholder data environment (CDE).
How to store credit cards: Using PCI DSS Service Providers
Whether you’re looking to simply accept credit cards in-app or do something more complex, like split payments or multi-processor routing, understanding the level of ...
A helpful guide on Cardholder Data Environments (CDEs)
In the last couple of years, new and emerging business models, requirements, and workflows have forced companies to seek new ways to leverage this sensitive data mor...
Is the Customized Approach in PCI DSS 4.0 right for me?
What is a “Customized Approach”? Historically, PCI DSS has published a defined approach to implementing the required security controls. The standard outlined the com...
Formjacking and PCI 4.0: What it is and why you should care
What is Formjacking? Also known as web skimming, e-skimming, or a magecart attack, formjacking is a technique that allows hackers to spy and capture sensitive data, ...
When is PCI DSS 4.0 required? Timing and helpful considerations
Find out when you must be compliant with PCI DSS 4 and which factors are most likely to impact your transition’s timeline.
What is PCI Compliance? The 12 Requirements & PCI DSS Guide
While frustrating to many, it’s hard to argue the role PCI compliance has played in creating today’s digital economy. By outlining, defining, and enforcing standards...
What You Should Know About PCI Compliance And Email Security
Basis Theory’s Take Long story short: PCI compliance is exceptionally difficult to maintain if you want to use email to share any kind of PII. And doing so will requ...
What is a Bank Identification Number (BIN) and how do I keep it secured?
Did you know that the first 4-8 numbers on a payment card, known as the BIN (Bank Identification Number), actually have a specific meaning and purpose? In order to p...