SRM Solutions
The SRM Blog

PCI DSS

Free live webinar: 5 signs you need a new QSA

5 signs you need a new QSA – Thursday 22nd November 3pm – 3.45pm (GMT) In this free live webinar Paul Brennecker and Laura Chatton will be discussing the..

5 signs you need a new QSA

PCI DSS compliance is no longer an annual project. New requirements this year are ensuring that businesses are monitoring their compliance on a continuous basis. So, is your QSA..

The key to GDPR is common sense

by Tom Fairfax, Managing Director It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..

How PCI compliance puts you on course for GDPR

For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..

PCI DSS: With charities gearing up for contactless payments what could possibly go wrong?

More than 40 organisations, including Macmillan Cancer Support, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..

Penetration testing: if prevention is to be an achievable goal we cannot rely on static defences

SRM is at the PCI London event in London on 25th January, presenting on The Synergy Between Automated and Manual Penetration Testing. How a responsive Test and Exercise strategy..

PCI – Europe Community Meeting Barcelona 24 – 26 October 2017

James Hopper and Paul Brennecker of SRM will be attending the Europe Community Meeting in Barcelona 24th – 26th October. Organised by the Payment Card Industry Security Standards Council..

Summer holidays: don’t take your eye off the PCI DSS ball

The summer months are traditionally a time when hard-working people take a break. Those left in the office can end up feeling over-stretched or less-motivated than normal. But it..

Prevention and cure: working out an information security budget

The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..

Do not wait until it’s too late – engage a PFI company now!

‘Do not wait until it’s too late – engage a PFI company now!’ That is the advice given by Jeremy King, International Director, PCI Security Standards Council in his closing..

What is an Incident Response Plan?

Information security breaches can and do happen, even to the best prepared organisations. Every year, companies that have demonstrated ongoing PCI DSS compliance will still fall victim to an..

Hot water and PCI compliance

There are a lot of online registers for reputable tradesmen. Many of these provide contact details for reliable plumbers in any given area, together with ratings and personal recommendations...

A Cautionary Christmas Tale

‘Twas the night before Christmas, and all through the house, Not an iPad was stirring, nor PC or Mouse; The shopping had been done on the internet..

Multi Factor Authentication – why is this something that is so commonly misunderstood?

“The single biggest problem in communication is the illusion that it has taken place.” said George Bernard Shaw. This can be true in so many aspects of life and unfortunately,..

Home grown talent makes SRM European leader in cyber security

Newcastle-based Security Risk Management (SRM) Ltd is addressing the national shortage of top level qualified cyber security consultants by employing individuals with potential and then providing training in house...

What are the common failure points of repeat info-security assessments?

Maintaining Compliance with any Information Security Standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so..

PCI DSS Version 3.2 is released today – so what has made it through to the final cut?

The eagerly anticipated update to the global Payment Card Industry Data Security Standard (PCI DSS) has been released today, Thursday April 28th 2016. This update to the standard has..

Navigating the minefield of info-security compliance

A company trying to navigate the minefield of info-security compliance may think of it as a daunting task. On one side is PCI DSS and Data Protection while on..

The real risk of ransomware

“We do not negotiate with terrorists” is a patriotic statement used by many countries. Does this notion still hold when you risk losing your data? The short answer is..

PCI DSS, Vulnerability Scans and the Trouble with SSL

With the PCI Council set to release version 3.2 of the PCI DSS imminently, the subject of migration away from weak session encryption protocols is becoming a hot topic...

PCI DSS is a useful tool in GDPR compliance

By Paul Brennecker, Principal QSA, PCI PFI, PCIP The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..

Learning to love the new EU cyber security regulations

2015 ended on a bombshell of legislative changes creating an air of unwelcome uncertainty for businesses. Yet, they need not be a cause for concern. The announcement of the..

Understanding the role of Chief Information Security Officer (CISO)

Making a case for the VirtualCISO Few company directors have a deep knowledge of corporate law, or a detailed understanding of investment planning or tax implications. They employ offsite..

GDPR and the strengthening of individual data protection rights

By Chris Ince, Information Security Consultant “The processing of personal data should be designed to serve mankind.” (Council of the European Union, 2015) On 8th December the European Parliament, Council..

Extra Security for Black Friday and Cyber Monday

As major retailers across the country announce the recruitment of additional security staff to safeguard shoppers on Black Friday, it is also time for online businesses to ramp up..

Zen and the Art of PCI Maintenance

By Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd “Is it hard?” Not if you have the right attitudes. It’s having the right attitudes..

Improving the odds

Data security in the gambling industry by Paul Brennecker, PCI QSA, PCI PFI, PCIP, Principal QSA, Security Risk Management Ltd Complying with the mandatory security regulations within the gambling industry may appear..

FFA 2015 Annual Review Reveals UK Card fraud worth £479 million

by Brian Fenwick, Operations Director Financial Fraud Action UK (FFA UK) has published its 2015 Annual Review. The organisation, which is ‘responsible for leading the collective fight against fraud..

The advantages of P2PE V2

by Paul Brennecker Merchants can enhance data protection and simplify compliance efforts by adopting the PCI-approved Point-to-Point Encryption (P2PE) Standard v2. Simpler to adhere to than the original version,..

PCI-DSS Penetration Test Requirements

By Paul Brennecker Those who have had involvement with the PCI Data Security Standard (PCI DSS) will know that Penetration Testing has been mandatory since the PCI standard was first issued...

The Importance of Sustaining PCI DSS Compliance

In 2015, the good news is that businesses are getting better at achieving full PCI compliance. In fact, fully compliant organisations rose from 11.1% in 2013 to 20% by..