Envoy Data provides products and solutions that will meet your agency's and your clients' needs to become SOX and PCI compliant.
Sarbanes-Oxley: The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long.
PCI Compliance: No business is ever completely secure, but companies can mitigate their risk and make it much harder and more resource-intensive for anyone to breach their defenses. Becoming PCI DSS (Payment Card Industry Data Security Standard) compliant provides baseline security and is a good first step. But it is critical to implement both the spirit and the letter of the standard.
The payment card industry (PCI) denotes the debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses.
- Pre-Authorization And Post-Authorization (Part 2): I discussed the concept of pre-authorization in a prior post. Now it is time to cover post-authorization (aka “post-auth”) and the PCI requirements it drives. Post-authorization is where the PCI DSS got started even though pre-authorization was always present. That is because it was in post-authorization where merchants were losing cardholder data (CHD). While this […]
- Pre-Authorization And Post-Authorization (Part 1): Welcome to a new year. I have had a number of interactions with a variety of people over the previous year and it has become obvious that the concepts of pre-authorization and post-authorization data are not clear to a lot of people. These two concepts are a key part of understanding PCI compliance. I will […]
- Q4 2017 QSA Update: On December 7, 2017, the Council held their last QSA Quarterly Webinar for the year. The following are the more notable tidbits offered up that should be passed around so that everyone has the information. The Next Revisions Of The PCI DSS And PA-DSS: Emma Sutcliffe had a quick discussion of updates to the PCI […]
- Deadlines Coming Soon: A good reminder that there are a number of deadlines coming in January 2018. PCI Requirement Changes Coming in 2018
- Chrome And Redirects: A bunch of us saw this Wired article the other day and began thinking, “I wonder if this will screw up any of our clients’ eCommerce sites?” After all, a LOT of eCommerce sites went with redirects to reduce their PCI scope, so there is a big potential here for issues if Google does not […]
- Can A QSA Rely On An ISA’s Assessment Work? Questions have been asked at various Community Meetings over the years regarding reliance on internal and external audits, but none of us discussing this question could remember anyone asking the Council about ISAs. The reason this issue repeatedly comes up is due to organizational audit fatigue. With standards such as PCI, NIST, ISO and the […]
- Interesting Tidbits Out Of The PCI European Community Meeting Assessors Session: Usually the European Community Meeting uneventfully passes because everyone reads the slide decks, Twitter feeds and feedback from the North American CM. However, with the cancellation of this year’s North American CM due to Hurricane Irma, that gave the EU CM the spotlight. While we will all get the slide decks (and supposedly videos) via […]
- What Are You Really Interested In? PCI is all about compliance, not security.
- The Party Is Off: Here is the official announcement from the PCI SSC that this year’s North American Community Meeting in Orlando has been cancelled due to Hurricane Irma. https://www.pcisecuritystandards.org/nacm2017_schedule_irma See you all next year.
- PCI Compliance And Financial Institutions: I remember being at one of the early PCI Community Meetings and someone from the PCI SSC promised that the PCI DSS would be periodically updated to reflect changing business conditions as well as changing threats. Here we are more than a decade later, and we have version 3.2 of the DSS, but it has […]