Welcome to the PCI DSS topic!

Collaborate, contribute, consume and create knowledge around PCI-DSS 2/3, EMV, PCI Cloud and other payment card areas.

This Topic Has:
1321 Members
0 Online
11666 Visits

Community Leader



Title: Managing Director, Risk & Compliance

Points: 0

Badge: Observer


Discussions: 104 total

We are doing acquisitions of companies that have credit card payment processing.  In preparing the merchant accounts for the newly acquired entity, the bank asked whether the newly acquired entity would use its old name or the acquiring company's name as ...
Geri Fultz | 5/22/2018 11:44:45 AM | COMMENTS(0)
I am currently in the middle of an RFP for this year's PCI certification and I have a logical confusion in one point. Let me summarize it: -We as a card processing company are located solely in EU region -Clients which we are servicing are located al...
Michal482 | 5/21/2018 5:31:26 AM | COMMENTS(4)
We all know that if you take credit card numbers over the phone, your IP based phone system is generally in scope for PCI DSS. My question is when it comes time to provide your system/device inventory do you provide every digital phone as part of the invento...
Vincent084 | 5/10/2018 9:47:56 PM | COMMENTS(8)
Hi all As a card payment processor we sometimes get involved in assisting local or regional police in fraud and criminal investigations. In such cases we are usually considered as a witness, and our fraud team member is required to complete and 'wet-sign'...
Brian419 | 4/17/2018 7:28:23 AM | COMMENTS(3)
Hello, One of my customer. The system is not part of domain and its Windows 2016 standard version. Remote desktop is enabled on this machine. There are following findings with Qualys scanner as per PCI DSS 3.2 1) SSL/TLS protocol 1.0 supported 2) SSL cert...
Anand292 | 4/16/2018 1:21:59 AM | COMMENTS(9)
Dear Community Members, A customer of mine (PCI DSS Certified) is currently selling his payment card business (e.g. the payment division) to a third party (not PCI DSS Certified), and I am currently having a discussion regarding to maintain the certif...
Simon Claude440 | 4/6/2018 7:59:37 AM | COMMENTS(3)

Documents & Publications: 12 total

Posted by ISACA 1208 days ago
Resource to help organisations better educate personnel on importance of cardholder data security.
Posted by Mark Shutt 1299 days ago
Meet this new document which helps you to meet one or more PCI DSS Requirements with Free and Open Source Software. Your comments / feedback/views on this document are welcomed.
Posted by Rajagopalan S 1415 days ago
Posted by ISACA 1587 days ago

Events & Online Learning: 0 total

No Results Found

Journal Articles: 15 total

Volume 4, 2016
by Robert Clyde, CISM
Ask any merchant and he/she will tell you that accepting credit card payments comes with its own set of security challenges.
Volume 1, 2016
by Tolga Mataracioglu, CISA, CISM, COBIT Foundation, CCNA, CEH, ISO 27001 LA, BS 25999 LA, MCP, MCTS, VCP
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card companies, including Visa, MasterCard, American Express, Discover and JCB.
Volume 1, 2016
by Mark Johnston
In July 2015, CVS became the latest company to fall victim to an apparent breach, this one involving credit card data obtained via its web site for ordering and processing photos.
Volume 3, 2015
by Steve Woo
The adoption of cloud-based retail applications, as well as increasing demands for agility, for example, with pop-up retail, is changing the requirements for network access.
Volume 1, 2014
by Stefan Beissel, Ph.D., CISA, CISSP
To prevent the compromise of systems that contain personal data, all personal data can be replaced by tokens.
Volume 6, 2013
by Anil Vaidya, DBA, CISA, CISM
The proliferation of digital media in every aspect of business has been changing the way businesses run.

Wikis: 3 total

Blog Posts: 10 total

Information Security and Privacy is a hot issue at the present time. The number of security breaches is rapidly increasing. In case of late detection, costs of breaches are skyrocketing. At the same time Artificial Intelligence (AI), Machine Learning (ML) are fast...
Posted By : Dragan Pleskonjic | 0 comments
PCI DSS version 3.2 is available for use now and becomes the only valid standard when version 3.1 is retired on 31 October 2016. The new requirements introduced in the standard are considered best practices until 31 January 2018. Starting 1 February 20...
Posted By : Adail703 | 0 comments
and Become More Secure As a penetration tester I find it TOO EASY to fully compromise an internal network – without finding a single “vulnerability”! I spend most of my time on two types of engagements — PCI projects and penetration tests. The pen test...
Posted By : Stewart141 | 0 comments
Anyone who's worked in PCI for more than 5 minutes knows it has serious limitations with regard to security. Even security of cardholder data, which is the only type of data to which it relates! That's because PCI DSS was not written with comprehensive securi...
Posted By : David958 | 0 comments
Reducing PCI Scope is an almost universal task for merchants and service providers.  As a QSA I find that most companies don't really know how to do this effectively.  I've put together a blog post on my views on this and would love to hear yours.  http:/...
Posted By : Stewart141 | 1 comments
14 Oct 2014
For those new to PCI Compliance (either a new QSA or other interested party) I have put together a general PCI Compliance Wiki to quickly cover the basis of PCI Compliance. •PCI DSS Standards Overview •History of PCI DSS •Who has to...
Posted By : Stewart141 | 0 comments