Welcome to the PCI DSS topic!

Collaborate, contribute, consume and create knowledge around PCI-DSS 2/3, EMV, PCI Cloud and other payment card areas.


This Topic Has:
1297 Members
6 Online
11438 Visits


Discussions: 94 total

Hi Team, One of my customers is facing an issue about the vulnerability scan and its fix. Actually he is using an ASV (Approved Scan Vendor) to scan the vulnerabilities within the perimeter and found that there is a vulnerability about "HTTP Security Heade...
Anand292 | 2/22/2018 1:18:03 PM | COMMENTS(4)
Hi, PCI DSS 3.2 requirement 5 says that anti-virus/anti-malware should be on all vulnerable operating systems, but the CyberArk (PIM) team says that the system which has the CyberArk Vault should not carry the anti-virus/anti-malware software. I tried to explain CyberA...
Anand292 | 1/19/2018 3:32:29 AM | COMMENTS(7)
Hacker Noon: "I’m harvesting credit card numbers and passwords from your site. Here’s how." - good reading for everyone working on PCI and much more, post by David Gilbertson. Link:
Dragan Pleskonjic | 1/9/2018 7:28:03 AM | COMMENTS(0)
I am reviewing our current program and hoping anyone can share their current PCI program workflows. Thanks!
Nicole768 | 12/25/2017 3:05:42 AM | COMMENTS(2)
Is there a list of training service providers to provide the PCI mandated training for the Payment Application Vendor personnel as per PA-DSS 5.1.17 and PA-DSS 14.1? Thanks in advance
SAVANT | 11/6/2017 8:19:31 PM | COMMENTS(5)
Most security frameworks suggest performing wireless scanning in the operational and critical areas of the organization. One of the reasons is to ensure that any internal wireless access points are secured, so that no member can misuse wireless po...
PramodLNS | 9/5/2017 11:13:25 PM | COMMENTS(5)

Documents & Publications: 12 total

Posted by ISACA 1115 days ago
Resource to help organisations better educate personnel on importance of cardholder data security.
Posted by Mark Shutt 1205 days ago
Meet this new document, which helps you to meet one or more PCI DSS requirements with Free and Open Source Software. Your comments/feedback/views on this document are welcomed.
Posted by Rajagopalan S 1321 days ago
Posted by ISACA 1493 days ago

Journal Articles: 15 total

Volume 4, 2016
by Robert Clyde, CISM
Ask any merchant and he/she will tell you that accepting credit card payments comes with its own set of security challenges.
Volume 1, 2016
by Mark Johnston
In July 2015, CVS became the latest company to fall victim to an apparent breach, this one involving credit card data obtained via its web site for ordering and processing photos.
Volume 1, 2016
by Tolga Mataracioglu, CISA, CISM, COBIT Foundation, CCNA, CEH, ISO 27001 LA, BS 25999 LA, MCP, MCTS, VCP
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card companies, including Visa, MasterCard, American Express, Discover and JCB.
Volume 3, 2015
by Steve Woo
The adoption of cloud-based retail applications, as well as increasing demands for agility, for example, with pop-up retail, is changing the requirements for network access.
Volume 1, 2014
by Stefan Beissel, Ph.D., CISA, CISSP
To prevent the compromise of systems that contain personal data, all personal data can be replaced by tokens.
Volume 6, 2013
by Anil Vaidya, DBA, CISA, CISM
The proliferation of digital media in every aspect of business has been changing the way businesses run.

Wikis: 3 total

Blog Posts: 10 total

Information security and privacy are hot issues at present. The number of security breaches is rapidly increasing. In cases of late detection, the costs of breaches are skyrocketing. At the same time, Artificial Intelligence (AI) and Machine Learning (ML) are fast...
Posted By : Dragan Pleskonjic | 0 comments
PCI DSS version 3.2 is available for use now and becomes the only valid standard when version 3.1 is retired on 31 October 2016. The new requirements introduced in the standard are considered best practices until 31 January 2018. Starting 1 February 20...
Posted By : Adail703 | 0 comments
and Become More Secure As a penetration tester I find it TOO EASY to fully compromise an internal network – without finding a single “vulnerability”! I spend most of my time on two types of engagements — PCI projects and penetration tests. The pen test...
Posted By : Stewart141 | 0 comments
Anyone who's worked in PCI for more than 5 minutes knows it has serious limitations with regard to security. Even security of cardholder data, which is the only type of data to which it relates! That's because PCI DSS was not written with comprehensive securi...
Posted By : David958 | 0 comments
Reducing PCI Scope is an almost universal task for merchants and service providers.  As a QSA I find that most companies don't really know how to do this effectively.  I've put together a blog post on my views on this and would love to hear yours.  http:/...
Posted By : Stewart141 | 1 comments
14 Oct 2014
For those new to PCI Compliance (either a new QSA or other interested party) I have put together a general PCI Compliance Wiki to quickly cover the basis of PCI Compliance. •PCI DSS Standards Overview •History of PCI DSS •Who has to...
Posted By : Stewart141 | 0 comments