Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
Merchants should always contact their acquirer (merchant bank), or payment brand directly to understand their compliance validation obligations, including which SAQ they may be eligible to use. Contact details for the payment brands can be found at the end of this post.
For multiple payment channels, it may be possible for a merchant to complete a different SAQ for each payment channel, or for a single SAQ to be used that addresses all the requirements for all channels combined.
If different SAQs are used, each channel must meet the eligibility criteria for the applicable SAQ, and adequate network segmentation must be in place to isolate the different channels.
In all cases, details of the environment(s) covered by a SAQ must be documented in the Attestation of Compliance, Part 2: Executive Summary.
The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes, and ...
