Most card payments software products are proprietary solutions, developed either in-house or to be sold commercially. Because of this there isn’t much out in the open source world to help you develop your own custom solution. However, there are a few libraries out there that are worth a mention, particularly for simulating and testing HSM…
Author: Pete
Choosing Open Source Software for PCI DSS
I’m researching a longer article on some specific software solutions. It caused me to realize that there’s value in creating a checklist of what to look for when trawling github for open source software to use with your payments platform. In doing so, I think I can make a couple of safe assumptions: If you…
PCI Dream Team Episode List [Updated]
Most PCI Dream Team events are available for public viewing on BrightTalk, but they don’t currently have a dedicated channel. A list all known events which are available for free viewing are posted below, for easy reference. Note that these events are in reverse order by time. The most recent, and potentially relevant, are at…
2020: The year in PCI DSS Compliance
This has been a very strange year overall. The effects of COVID-19 caused both massive disruption, and have the potential to cast a long shadow. However, for those of us in the payments space business has continued, and there have been milestones in the PCI world. Remote Assessments Perhaps the biggest direct impact to PCI…
Happy First Anniversary to me!
It’s a full year since I registered pcijourney.com, and what a year it’s been. At that time, there were some people in the world who’d heard of COVID-19, but most people were oblivious. Certainly I had no idea what was coming for us. The year of COVID really changed what I was doing, and what…
When does PCI DSS v4.0 take effect?
Version 4.0 of the PCI DSS is currently in draft status, and has not yet been finalized. Because of this, nobody knows for sure exactly when the new standard will take effect, as it’s still subject to change. What we do know is that when the final version of the new standard is released, it…
PCI DSS 4.0 RFC – second draft
Version 4.0 of the PCI DSS has been a long time coming, and still won’t be here for a while yet. The PCI Council is actively engaging with the community to develop the new version of the standard through their RFC – Request For Comments – process. Unfortunately, you won’t see much if anything discussed…
Which PCI DSS SAQ do I use?
If you’re looking to use a PCI DSS SAQ, this implies you’re eligible to assess your PCI DSS compliance using a Self Assessment Questionnaire. Can I use a PCI SAQ? Eligibility for this is determined by the card brands themselves, rather than the PCI Security Standards Council. This is ultimately determined by what level the…
What is a PCI ASV and what do they do?
If you’re just entering the world of PCI DSS compliance, you’re going to learn that ASVs are very important. For even the lowest levels of merchants and service providers, the one thing required other than completing an annual Self Assessment Questionnaire (SAQ) is to conduct quarterly ASV scans. So what exactly is an ASV? An…
PCI Software Security Framework goes live
It’s been a big week in the PCI world. Not only do we get a new guidance document for large organizations, but the PCI Software Security Framework is now fully operational. In a sense, the PCI Software Security Framework has been live since the press release announcing it on January 16, 2019. The program documents…
