- Credit card insurance companies
- Review of remote locations
- Service Providers and Agents/Sponsors
- File Integrity Monitoring?
- Requirement 6.3.3
- Logging and PCI
- Requirement 8 - Unique Accounts
- Requirement 8.5.5 Remove unused user accounts after 90 days
- Quarterly Scans Filing Requirements: the ROC or Acquirer
- PCI Question
- Policy or Procedure?
- PCI DSS Canada
- Requirements for hosting
- Collaboration and Compliance Reporting
- Requirements to HSM
- Private Label Cards and PCI DSS
- Cost of remaining PCI DSS compliant
- Electronic Wallets & PCI
- Is this PAN data?
- DBA Access to Encrypted Data
- Service Provider Certification without CHD
- Difference between ASV and QSA?
- Internet Kiosk
- Sensitive Auth Data?
- Testing requirements. 6.3.1 vs 6.4.3
- Carriers and NFC app.
- CC Data at Rest in Memory
- QSA disputes?
- Requirement 8.5.8
- 4 New PCI SAQ's - SAQ v1.1
- Encrypting the PAN when use primary database key
- Saq "c"
- Storing Encrypted PAN and Truncated PAN together
- Payment Apps of the Past
- Possible to not store CC data in restaurant environment?
- PC-Encrypt software?
- Compensating controls for 3.5.2
- Collecting Cardholder data on behalf of Merchants
- Bank Credit Card Statements
- PC Charge by Verifone
- 2.2.2 definition of unsafe protocols
- Luhn check commercial software recommendation
- Requirement 8. UserIDs & Passwords
- Define truncation
- HSMs becoming a requirement
- Pci 8.4
- PCI PED and de-installation of payment terminals in 2010
- What are the fines that could be imposed?
- Non-PAN Cardholder data
- Leased line
- scanned cheque with PAN
- Encryption of backup media
- Requirement 2.1
- Virtual Slices and PCI DSS 2.2
- PCI and Diagnostic Tools
- SAQ D, part 4
- Section 1 Question
- 1.3.9 question
- 1.3.8 question
- Does use of tokens mean PCI does not apply???
- 9.1.1, CCTV and "Sensitive Areas"
- PABP Validated Apps
- Online backup
- Which is the PCI preferred architecture for a small store?
- 3.6.7 How to prevent unauthorized key substitution?
- ATM's
- Agents enter PAN in WebForm (Payment Service). PCI conform?
- Shared user accounts
- Hosting Provider Contract
- Can systems be out of scope even on same network segment?
- Service Provider level / gateway
- Data Storage
- Encryption 3.6 and Vendor Payment Apps
- Shredding services
- Network segmentation for SMB with standalone CC terminals?
- What to do for this type of "compromise"?
- Session idle timeout
- What is a publicly accessible device 1.3/1.4?
- Isolated PCI environment
- MSSQL Linked Servers
- PAN Truncation on ATM Receipt
- Consumer Interfaces to POS kiosk
- CC Data in test environments
- POS systems
- SQL 2005 Instances for physical separation?
- SQL 2005 Key Management acceptable?
- SQL 2005 Key Management acceptable?
- Compliance benefits of NOT storing cardholder data?
- Is protection required for encrypted PANs
- Question about network segmentation
- Oracle POS
- Unencrypted PANs in email
- Internet facing IP's Scan
- Encryption and Secure Storage of Backup Media (3.4 and 9.5)
- Cross Site Tracing
- Key management for backup data?
- PAN within Excelsheets etc.
- SAQ 1.1 Classification
- Personal Firewalls (R1.3.9)
- How does PCI apply to handwritten credit card transactions?
- Hearing Impaired Associate
- emailing POS receipt
- Things that make me go hmmmm...
- Cardholder Data Protection?
- Pci-dss 10.2.1 & 10.2.2
- One Function per Server (R2.2.1)
- section 2.1 default passwords
- Unsolicited PANs in free text forms
- McAfee ePO
- "Virtual Terminals" - vs 1.1 Questionnaire "C" or "D"
- Split Knowledge and Dual Control
- Postponing yearly pci audit?
- Logging of Clerk Activities at POS Terminals
- PCI DSS 1.1 requirement 12.10 - question
- File Integrity Monitoring at IP-connected terminals
- Encryption across Frame Relay
- QSA problems?
- PCI-DSS Req 8.5.9 to 8.5.15
- File Integrity Monitoring & Tracking Users?
- PCI-DSS Req. 3.3
- Online software, 3rd party vendor (us) -- question!
- Domain Controllers
- Flying under the level 1 radar
- ISP's and other network providers need to comply?
- PCI Compliant merchant hacked.
- Yet Another scope type question
- 3.3 requirement
- Physical Security of computers used for entering data
- AV & patching for POS
- Application Scanning Requirements
- Questionnaire C
- Is this considered "transmitting"
- Reporting Requirements
- Finding cardholder data
- 1.1 Firewall/Router Rule Review
- PCI-DSS Scope
- internal web-server
- Printed PAN's
- Hannaford Breach questions?
- Encryption plan for card data stored in SQL Server 2000
- Quarterly PCI scan
- Tandem and Compensating Controls
- Data Storage
- Credit Learning Systems
- Does the absence of items on the various SAQs mean they are inapplicable?
- Application Account
- Hashed PAN as Customer ID
- Question about Connected entities (12.10)
- PODCast Mistake
- Audit or assessment?
- Forum Idea - FAQ Sticky Post ?
- L2tp/ipsec Vpn
- Anti-Virus Solution
- Removal of stored CVVs in retrospect
- Data Storage -- Requirement 3
- Pci Report Templates
- Card Holder Data Environment - Scope
- Requirement 9 Clarification Please
- POS compensating controls
- Data Center Camera Recommendations?
- Web Server may not access DB Server?
- ASV Quarterly Scan Results and Compliance Status
- Level 4 requirements
- Here's a thought provoking question
- COM Components for PCI compliance
- Risks around 1.3.2
- How to handle third party in PCI environment
- Large E-mail Data Store with Card Data
- 11.4 IDS/IPS - Core and/or Gateway Required?
- PCI DSS without PAN
- Huge intranet, class as what?
- Windows DEP for AV?
- PCI DSS not working in Asian Banking System
- Data lost by third party
- YASQ (Yet Another Scope Question) - SSH
- Communicating with PCI-SSC, or trying to.
- 12.5.5 Monitor and Control All Access
- ASV Scan Requirements
- POS log
- One Primary Function Per Server
- Card data search tool
- Credit Card Statement Conundrum
- Using WFP
- Network segmentation question
- Requirement 1.4 clarification
- Key Custodians
- Clarification of the 6.6 clarification
- PCI Scope
- Software based WAF for IIS
- Addressing Requirement 8.1
- Vulnerability Scan....focus only on the Highs???
- Ibm Mainframe
- Are Forensic Examinations A Scam?
- Third party question
- Non Validated Application and Compliance.
- Non PCI DSS Compliant Hosting Provider and Audit.
- 1.3.8
- 3.4 Pan
- Cost of Forensic Audit for PCI Breach
- PCI DSS Compliance Deadline.
- ASV scan reports
- 10.2.7 - system-level object
- Real world split key/dual control without a HSM
- black list / hotcard files
- SSL Extension better or worse?
- Anti-Virus Logs
- Requirement 10.x and HP NonStop
- Syslog forwarding agent for MSSQL?
- Lunardi’s grocery store PIN PAD Breach
- Requirement 9.6 Clarification
- Saq C?
- Co-server locations
- Encryption on “Private” Networks?
- PA-DSS list
- Backup of Card Data
- Segmentation and VLANs
- 11.5 and AIX
- Password changes stupid question
- Truncation of Bank Account Numbers
- vulnerability scans
- PCI Requirement 12.8
- Sniffing Card Data @ Dave & Busters
- PCI SSC to release PCI DSS version 1.2 in October 2008
- connected entities/third parties
- PCI DSS and VOIP
- DATA ENCRYPTION - PCI Requirement 3.4
- Signature capture devices
- Key management on a POS
- Key management on a POS
- Service provider or payment gateway
- Questionnaire "C"
- CC Scan Tools
- Application Logs Req. 3.4
- Business and Personal Liability
- Retired operating systems
- req 9.9
- PCI and SANs
- Franchise & PCI Compliance
- Scoping question regarding remote access to data centre.
- sharing space in our data center
- SAN Drives and Requirement 9.10.2
- ASV requalification question
- PCI DSS requirement 3.4 hash require a salt?
- Wips
- Audit non-integrated EFT company
- FIM/HIPS list
- SAQ D and Standalone Payment Terminals
- Another breach
- PCI DSS requirements for IAM
- Logging all Admin/Root activity (10.2.2)