PCI DSS Compliance & Certification Philadelphia, PA – Get Certified

Businesses in the greater Philadelphia, PA area seeking to become compliant with the Payment Card Industry Data Security Standards (PCI DSS) now have an expert resource, and that’s Materdei Consulting, LLC. Both merchants and service providers storing, processing, and transmitting credit card data must become PCI compliant, so contact us today at pci@pcipolicyportal.com to learn more about our services and industry leading PCI Policy Packets for helping ensure rapid compliance with the ever-evolving PCI DSS standards.

PCI DSS Compliance & Certification Philadelphia, PA Merchants and Businesses

When it comes to regulatory compliance – particularly with the PCI DSS standards – companies loathe spending time and money on industry specific mandates that aren’t revenue generating products and services. Even with that said, businesses know it’s a mandate and it’s got to be done, which means putting in place all necessary policies, procedures, processes, and practices for ensuring compliance is being met.
Probably one of the biggest reasons why merchants and service providers disdain the thought of becoming PCI DSS compliant is the inability to see any real Return on Investment (ROI). After all, with PCI, you’re not ringing the cash register with profits or selling additional products. But hold on, becoming compliant does help with winning new business contracts requiring such compliance, and it does help ensure the safety and security of cardholder data within one’s environment – so these are good things!

PCI DSS Compliance & Certification Philadelphia, PA – Get Compliant Now!

Compliance – particularly with the PCI DSS standards – can be tough and challenging, so what’s needed for Philadelphia merchants and service providers is proven expertise that’s second to none, and that’s what you’ll receive from Materdei Consulting, LLC. Visit pcipolicyportal.com today to learn more about our industry leading PCI Policy Packets and consulting services. If you had to choose between spending hundreds of hours writing policies or doing your daily workload, we think you’ll probably want to do what you’re good at, so leave the policy writing – and compliance consulting – to the experts today at Materdei Consulting, LLC.

Instantly Download your PCI DSS Policy Toolkit Today!

What’s the most time-consuming, demanding, and exhaustive aspect of becoming compliant with the Payment Card Industry Data Security Standards (PCI DSS)? If you said policy and procedures writing, then you’re 100% correct. After all, who has hundreds of hours and thousands of dollars to spend on authoring PCI policies and procedures? Not you, and it’s why merchants and service providers all throughout the globe turn to pcipolicyportal.com and our award-winning, industry leading PCI Policy Packets. Visit pcipolicyportal.com today to learn more. Hey Philadelphia businesses – want to become PCI DSS compliant quickly, comprehensively, and cost-effectively? Then talk to the experts at pcipolicyportal.com today. Email us at pci@pcipolicyportal.com or call us at 424-274-1952.

The new digital millennium is here, and has forever changed the entire world, and this is largely due to the great influx of information technology. Aligned with the new digital world is the payments industry, one that continues to grow and rapidly evolve with new and innovative tools, all of which ultimately require some form of regulatory compliance assessment/audit/certification. Bottom line, PCI DSS compliance is here to stay, so roll up those sleeves and get compliant – now! Lastly, don’t forget that PCI compliance is not a point-in-time, one-stop event – not at all – Philadelphia businesses handling credit card data must continue to be compliant each year, which can be challenging. Need assistance, then contact the PCI DSS experts today at Materdei Consulting, LLC by emailing us at pci@pcipolicyportal.com.

PCI SAQ A vs. A-EP – What you need to Know

PCI SAQ A vs. A-EP Overview for e-Commerce Merchants

The PCI SAQ A vs PCI SAQ A-EP discussion seems to be a hot topic with many of today’s e-commerce merchants and for good reason. After all, for years, the vast majority of e-commerce merchants were able to successfully validate PCI DSS compliance by using the simple and easy-to-implement SAQ A guidelines. But that’s all changed as the bigger, meaner, and more complex SAQ A-EP has arrived on the scene. Call it the playground bully of PCI DSS compliance for e-commerce merchants as it’s causing a lot of headaches and sleepless nights.

PCI SAQ A vs A-EP – Which One to Use and Why?

Is the Payment Card Industry Security Standards Council (PCI SSC) just trying to make life hard for e-commerce businesses? No, but it sure seems that way, doesn’t it? The old days of simply complying with SAQ A are long gone, so here’s what you need to know about SAQ A vs. A-EP from pcipolicyportal.com, the world’s leading authority and provider of PCI DSS Policies and Procedures and PCI Compliance Toolkits. From policies to risk assessment templates, security awareness training materials – and more – we are the unquestioned leader for PCI DSS compliance documentation. Visit pcipolicyportal.com to learn more.

Can you use SAQ A instead of SAQ A-EP? Good question, so first ask yourself the following questions:

  • Does your company accept only card-not-present (e-commerce or mail/telephone-order) transactions?
  • Is all processing of cardholder data entirely outsourced to PCI DSS validated third-party service providers?
  • Do you NOT electronically store, process, or transmit any cardholder data on your systems or premises, but rely entirely on a third party(s) to handle all these functions?
  • Have you confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant?
  • For any cardholder data your company retains, is it ONLY on paper (for example, printed reports or receipts), and these documents are not received electronically?

SAQ A vs A-EP – The One BIG Question to Ask Yourself

Answered yes to the above questions – great – one more question left, and it’s the one question that’s unfortunately resulting in many e-commerce merchants having to assess against SAQ A-EP:

Do all elements of the payment page(s) delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s)?

So what does “all elements of the payment page(s) delivered to the consumers’ browser” really mean? It means the following: That the payment page being served up to the end-user’s browser is a page developed, configured, secured, managed, and hosted by another entity, such as a payment processor, gateway, etc. It’s important to note that prior to the release of SAQ A-EP, many e-commerce merchants may have felt they were eligible for SAQ A because their web server does not store, process, or transmit cardholder data. As a result, these web servers failed to have sufficient security controls applied to them and now have become common targets for attackers as a means to compromise cardholder data. That being said, if all elements of the payment page(s) delivered to the consumer’s browser do NOT originate only and directly from a PCI DSS validated third-party service provider(s), then you CANNOT use SAQ A and must use SAQ A-EP – it’s just the cold hard truth.

Learn about the Different Payment Integration Platforms

With that said, you need to be aware of the following payment integration offerings/platforms:

Direct Post/Transparent Redirect: Direct Post and Transparent Redirect are essentially the same: a process in which one’s web platform “serves up” a payment page including fields to capture cardholder data, with these fields posting the cardholder data directly to your payment gateway, thus bypassing your web server. While the form that captures the cardholder data is effectively served up from your web server, the data itself is sent directly to the payment gateway.

JavaScript: JavaScript is a programming language used to make web pages interactive. It runs on your visitor’s computer and doesn’t require constant downloads from your website. JavaScript is often used to create polls and quizzes.

iFrame: An iFrame is an inline frame used inside a webpage to load another HTML document inside it.

Hosted Page: A page that is developed, configured, secured, managed, and hosted by another entity, thus allowing consumers to enter cardholder data directly onto a secure server being hosted by an entity other than you.

Examples of e-commerce implementations addressed by SAQ A

  • Merchant has no access to their website, and the website is entirely hosted and managed by a compliant third-party payment processor
  • Merchant website provides an inline frame (iFrame) to a PCI DSS compliant third-party processor facilitating the payment process.
  • Merchant website contains a URL link redirecting users from merchant website to a PCI DSS compliant third-party processor facilitating the payment process.
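
The integration types above differ in which host delivers the card-entry fields to the browser, which is the question that separates SAQ A from SAQ A-EP. As an added illustration (not code from pcipolicyportal.com or the PCI SSC), this Python scanner classifies checkout markup on that basis; the host names, field-name hints, and returned labels are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed heuristic: substrings that suggest a card-data input field.
CARD_HINTS = ("card", "cvv", "cvc", "expiry")

class CheckoutScan(HTMLParser):
    """Record where card fields live and where they post, for one served page."""
    def __init__(self, merchant_host):
        super().__init__()
        self.merchant_host = merchant_host
        self.form_action = None  # action of the <form> currently open, if any
        self.found = set()

    def _external(self, url):
        host = urlparse(url or "").hostname
        return host is not None and host != self.merchant_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_action = a.get("action") or ""
        elif tag == "input" and self.form_action is not None:
            name = (a.get("name") or a.get("id") or "").lower()
            if any(h in name for h in CARD_HINTS):
                # Card field is part of a page the merchant's server delivered.
                self.found.add("direct-post" if self._external(self.form_action)
                               else "merchant-post")
        elif tag == "iframe" and self._external(a.get("src")):
            self.found.add("iframe")
        elif tag == "a" and self._external(a.get("href")):
            self.found.add("redirect-link")

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def classify(html, merchant_host):
    """Return (integration, SAQ hint); the worst case found on the page wins."""
    scan = CheckoutScan(merchant_host)
    scan.feed(html)
    for kind, hint in (("merchant-post", "not SAQ A"),
                       ("direct-post", "SAQ A-EP"),
                       ("iframe", "SAQ A candidate"),
                       ("redirect-link", "SAQ A candidate")):
        if kind in scan.found:
            return kind, hint
    return "unknown", "review manually"

# Constructed sample: merchant-served form posting straight to a gateway.
SAMPLE = ('<form action="https://gateway.example/pay" method="post">'
          '<input name="card_number"><input name="cvv"></form>')
print(classify(SAMPLE, "shop.example"))
```

A "SAQ A candidate" result still depends on the other eligibility questions listed earlier, including confirming that the third party is PCI DSS compliant.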

Download our SAQ A Policy Packet Today and Get Compliant!

Becoming compliant with SAQ A requires merchants to have documented policies and procedures in place, but developing such materials can often take considerable time and money, so the easy choice is to instantly download the SAQ A Policy Packet today from pcipolicyportal.com. Developed by industry leading PCI experts, the SAQ A Policy Packet contains all the essential policies, forms, and other material for helping merchants become PCI DSS compliant – quickly and cost-effectively.

Access our SAQ A-EP Policy Packet Today from pcipolicyportal.com!

Need to become compliant with SAQ A-EP? Then you’ll need to develop a large number of policies and procedures, undertake security awareness training, and perform a risk assessment, along with many other initiatives. The mandates for SAQ A-EP can be quite challenging, as this is one of the lengthier and more complex Self-Assessment Questionnaires, and once you add all the policies that are required, SAQ A-EP quickly becomes a task indeed. Luckily, you can save hundreds of hours and thousands of dollars by simply downloading the SAQ A-EP Policy Packet today from pcipolicyportal.com. Developed by one of North America’s longest licensed PCI-QSAs, the SAQ A-EP Policy Packet contains all the policies, forms, checklists, and templates needed for becoming PCI compliant. The SAQ A vs A-EP debate will surely continue, and pcipolicyportal.com will be there to bring you the latest information and news.
