When you first embarked on your Payment Card Industry (PCI) Data Security Standard (DSS) compliance journey, did you ever imagine you would be where you are now? With large..
PCI compliance is essential for businesses that are required to maintain payment security and protect customer data. But what exactly is involved in the 12 PCI DSS requirements? As..
Achieving PCI compliance is vital for all businesses that accept card payments, but what’s the best way to get started when you are trying to keep costs down in..
How has the coronavirus changed e-commerce businesses? It would be fair to say that COVID-19 has turned many aspects of everyday life upside down. Even before the Prime Minister..
Businesses using Magento 1 have a decision to make before June. Here are the options and the Magento PCI compliance implications to be aware of. First released to the..
I hope that you have now settled into your new working routine. Although it might not be business as usual for the foreseeable future, the importance of your information..
PCI DSS compliance is like car maintenance; to ensure your vehicle remains roadworthy throughout the year you need to practise an ongoing programme of routine repairs, regular servicing and..
5 signs you need a new QSA – Thursday 22nd November 3pm – 3.45pm (GMT) In this free live webinar Paul Brennecker and Laura Chatton will be discussing the..
PCI DSS compliance is no longer an annual project. New requirements this year are ensuring that businesses are monitoring their compliance on a continuous basis. So, is your QSA..
by Tom Fairfax, Managing Director It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..
For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..
More than 40 organisations, including Macmillan Cancer, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..
SRM is at the PCI London event in London on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..
James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council..
The summer months are traditionally a time when hard-working people take a break. Those left in the office can end up feeling over-stretched or less-motivated than normal. But it..
The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..
‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council in his closing..
Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an..
There are a lot of online registers for reputable tradesmen. Many of these provide contact details for reliable plumbers in any given area, together with ratings and personal recommendations...
‘Twas the night before Christmas, and all through the house, Not an iPad was stirring, nor PC or Mouse; The shopping had been done on the internet..
“The single biggest problem in communication is the illusion that it has taken place.” said George Bernard Shaw. This can be true in so many aspects of life and unfortunately,..
Newcastle-based Security Risk Management (SRM) Ltd is addressing the national shortage of top level qualified cyber security consultants by employing individuals with potential and then providing training in-house...
Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what..
The eagerly anticipated update to the global Payment Card Industry Data Security Standard (PCI DSS) has been released today, Thursday April 28th 2016. This update to the standard has..
A company trying to navigate the minefield of info-security compliance may think of it as a daunting task. On one side is PCI DSS and Data Protection while on..
“We do not negotiate with terrorists” is a patriotic statement used by many countries. Does this notion still hold when you risk losing your data? The short answer is..
With the PCI Council set to release version 3.2 of the PCI DSS imminently, the subject of migration away from weak session encryption protocols is becoming a hot topic...
By Paul Brennecker, Principal QSA, PCI PFI, PCIP The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..
2015 ended on a bombshell of legislative changes creating an air of unwelcome uncertainty for businesses. Yet, they need not be a cause for concern. The announcement of the..
Making a case for the VirtualCISO Few company directors have a deep knowledge of corporate law, or a detailed understanding of investment planning or tax implications. They employ offsite..
By Chris Ince, Information Security Consultant “The processing of personal data should be designed to serve mankind.” (Council of the European Union, 2015) On 8th December the European Parliament, Council..
As major retailers across the country announce the recruitment of additional security staff to safeguard shoppers on Black Friday, it is also time for online businesses to ramp up..
By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd “Is it hard?’ Not if you have the right attitudes. It’s having the right attitudes..
Data security in the gambling industry by Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd Complying with the mandatory security regulations within the gambling industry may appear..
by Brian Fenwick, Operations Director Financial Fraud Action UK (FFA UK) has published its 2015 Annual Review. The organisation, which is ‘responsible for leading the collective fight against fraud..
by Paul Brennecker Merchants can enhance data protection and simplify compliance efforts by adopting the PCI-approved point-to-point (P2PE) Standard v 2. Simpler to adhere to than the original version,..
By Paul Brennecker Those who have had involvement with PCI Data Security Standards (PCI-DSS) will know that Penetration Testing has been mandatory since the PCI standard was first issued...
In 2015, the good news is that businesses are getting better at achieving full PCI compliance. In fact, fully compliant organisations rose from 11.1% in 2013 to 20% by..