SRM Solutions
The SRM Blog

PCI DSS
Free live webinar: 5 signs you need a new QSA

Thursday 22nd November 3pm – 3.45pm (GMT). In this free live webinar Paul Brennecker and Laura Chatton will be discussing the QSA role. What does ‘good’ look like? Why..

5 signs you need a new QSA

PCI DSS compliance is no longer an annual project. New requirements this year are ensuring that businesses are monitoring their compliance on a continuous basis. So, is your QSA..

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International (CGi) and appears here with their kind permission. As the implications of the General Data..

Retained Forensic & Incident Response Service: how planning for the worst can add value to your business

By Paul Brennecker, Principal Security Consultant and Lead QSA. Paul Brennecker gave a presentation at PCI London on 5th July 2018 and this article first appeared in that event’s..

The GDPR compliance fallacy

There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..

The key to GDPR is common sense

By Tom Fairfax, Managing Director. It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..

How PCI compliance puts you on course for GDPR

For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..

PCI DSS: With charities gearing up for contactless payments what could possibly go wrong?

More than 40 organisations, including Macmillan Cancer, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..

PCI SSC Europe Community Meeting: free one to one meetings with PCI DSS industry thought leaders

Delegates at the PCI SSC Europe Community Meeting in Barcelona this week will have a lot on their minds. Changes to compliance, the security of customer payment card data,..

PCI – Europe Community Meeting Barcelona 24 – 26 October 2017

James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council..

Summer holidays: don’t take your eye off the PCI DSS ball

The summer months are traditionally a time when hard-working people take a break. Those left in the office can end up feeling over-stretched or less-motivated than normal. But it..

Network intrusions are on the increase: time to engage a Retained Forensics specialist

This month Visa has reported an increase in the number of network intrusions involving service providers. It also reports increases in re-breaches of merchant payment environments and skimming incidents..

A data breach damages more than your reputation

Being known as the source of the largest data breach in history is probably not how Yahoo would like to be remembered. The reputations of eBay, LinkedIn, MySpace, Talk..

How to protect your business from account data compromise (ADC)

The fact is that all too often the first someone knows that their system has been breached is when they receive a call from their acquiring bank. Someone has..

Prevention and cure: working out an information security budget

The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..

Does outsourcing card processing make you PCI compliant?

By Paul Brennecker, Senior Information Security Consultant & Principal QSA. The Payment Card Industry Data Security Standard (PCI DSS) lists a number of myths relating to PCI compliance. One of..

The uncertainty of Brexit, the certainty of GDPR and the responsibilities of the CISO

As Britain navigates its way through the choppy waters of Brexit, there is a great deal of uncertainty about exactly what form our new relationship with Europe will take...

New face in cyber crime investigation

There is a new face at the forefront of investigating cybercrime in the UK. Newcastle-based Security Risk Management has achieved another success for its SRM Academy Programme. With over..

Do not wait until it’s too late – engage a PFI company now!

‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council in his closing..

Changes to the Issuer Identification Number (IIN) standard

The numbers on payment cards are going to become longer. This is because of changes which are being made to the international standard (ISO/IEC 7812) under which Issuer Identification..

What is an Incident Response Plan?

Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an..

Hot water and PCI compliance

There are a lot of online registers for reputable tradesmen. Many of these provide contact details for reliable plumbers in any given area, together with ratings and personal recommendations...

Multi Factor Authentication – why is this something that is so commonly misunderstood?

“The single biggest problem in communication is the illusion that it has taken place.” said George Bernard Shaw. This can be true in so many aspects of life and unfortunately,..

Home grown talent makes SRM European leader in cyber security

Newcastle-based Security Risk Management (SRM) Ltd is addressing the national shortage of top level qualified cyber security consultants by employing individuals with potential and then providing training in-house...

What are the common failure points of repeat info-security assessments?

Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so..

PCI DSS Version 3.2 is released today – so what has made it through to the final cut?

The eagerly anticipated update to the global Payment Card Industry Data Security Standard (PCI DSS) has been released today, Thursday April 28th 2016. This update to the standard has..

PCI DSS, Vulnerability Scans and the Trouble with SSL

With the PCI Council set to release version 3.2 of the PCI DSS imminently, the subject of migration away from weak session encryption protocols is becoming a hot topic...

PCI DSS is a useful tool in GDPR compliance

By Paul Brennecker, Principal QSA, PCI PFI, PCIP. The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..