PCI DSS Compliance: Requirements, Resources & Best Practices

How To Choose The Right Approved Scanning Vendor For Your Company

by RSI Security December 20, 2018July 16, 2025

Making the choice for an approved scanning vendor (ASV) is an important consideration for organizations looking to achieve or maintain compliance with the Payment Card Industry (PCI) requirements. The requirements set forth in the PCI Data Security Standards (PCI DSS) are intended to provide end-to-end security for cardholder data. A central component of the PCI DSS is the requirement for entities covered by the PCI DSS to have regular external scans of their networks and systems. As such, PCI approved scanning vendors occupy a central role in ensuring that organizations covered by PCI DSS achieve and maintain compliance advisory services with these requirements over time.

December 20, 2018July 16, 2025 0 comment

ASV Scanning

What are the PCI ASV Scanning Requirements?

by RSI Security December 20, 2018July 16, 2025

written by RSI Security

The process of understanding the entirety of what Payment Card Industry Data Security Standards (PCI DSS) covers is an extremely daunting task for business decision makers. An increasingly important aspect of Payment Card Industry (PCI) compliance has become maintaining compliance with the Approved Scanning Vendor (ASV) requirements notated within PCI DSS. One of the notable requirements that entities must adhere to are those that cover ASV Scans. These vulnerability scans are quite complex in nature and require many man hours of preparation on the vendor and company side to ensure proper consumer payment card protection in the organization’s cardholder environment.

December 20, 2018July 16, 2025 0 comment

ASV Scanning

ASV Scanning Responsibilities

by Nicholas Giatrelis December 20, 2018July 16, 2025

written by Nicholas Giatrelis

You have determined that you need vulnerability scanning from an approved scanning vendor (ASV), probably because you need to maintain or establish PCI compliance. Most businesses require at least quarterly scanning. You have done your research and selected a vendor, verified they are approved on the PCI website and are ready to get started. There are several parties involved in this process from the Card Brands to the merchant and the ASV. We will discuss the responsibilities of each.

December 20, 2018July 16, 2025 0 comment

EI3PA PCI DSS

What Are the Differences Between PCI DSS and EI3PA Requirements?

by RSI Security September 27, 2018April 21, 2025

written by RSI Security

In 2018 certain industries are under the spotlight more than others and service providers are being watched much more closely. One of the industries that seem to be under fire every week is the security of consumer information. For example, patients in the health care industry are protected with patients rights under HIPAA laws. On the grander scheme, the world has gone futuristic and, unfortunately, that includes criminals. Whether its Macys, Sears or Saks Fifth Avenue, companies big and small have become targets for hackers. Regrettably, the data hacks of stores of any size affect all of us.

September 27, 2018April 21, 2025 0 comment

PCI DSS

Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)

by RSI Security September 25, 2018January 14, 2020

written by RSI Security

Recent statistics have shown that 42% of consumers feel that credit cards are the safest payment option to protect cardholder data for their online purchases. With more consumers focusing on purchasing online rather than via brick and mortar retailers, this means that online retailers must take extra care in monitoring their network resources as they pertain to their cardholder data. Consumers are well within their entitlement to expect that their credit card transaction is secure once it has been processed. However, that expectation might fall short if the pathways that the payment company develops does not securely transmit their cardholder data once the transaction goes through. It is for this reason (and many others) that securing access to network resources for any organization that processes and/or stores credit card payments is critical.

September 25, 2018January 14, 2020 0 comment

PCI DSS

Deploying Secure Systems and Applications (PCI DSS Req. 6)

by RSI Security September 12, 2018November 19, 2024

written by RSI Security

The Payment Card Industry (PCI) is a coalition of credit card companies including American Express, Discover, MasterCard and Visa that is built on the backbone of 12 requirements specified in the PCI Data Security Standards (DSS). These requirements were implemented to ensure the continued financial safety of businesses and consumers alike. The number and severity of data breaches constantly on the rise and the PCI DSS requirements are there to provide organizations with the compliance framework they need to maintain a high level of network security.

September 12, 2018November 19, 2024 0 comment

Encryption PCI DSS

Protecting System Components in CDE through Encryption

by RSI Security July 24, 2018December 3, 2024

written by RSI Security

Encrypting your cardholder data environment (CDE) is of paramount importance if youre keen on not just protecting your customers card data, but also salvaging your organizations data security. If your company handles any amount of credit card information, it must comply with the PCI DSS (Payment Card Industry Data Security Standards).

July 24, 2018December 3, 2024 0 comment

PCI DSS

Performing Regular Testing, Risk Analysis, and Addressing Risks

by RSI Security July 24, 2018January 14, 2020

written by RSI Security

Consistently testing and quickly addressing risks to your network security system is not just one of the common security controls that can be looked over, it is imperative to effective and safe performance. If your companys security system does not receive the necessary updates to its infrastructure, it can be potentially devastating for your organization.

Not being on top of these essential tasks can open the door to a myriad of cyber security threats from internal and external sources that could take years to recover from. However your business plans to approach security system testing, you should make sure you efforts fall in line with Payment Card Industry Data Security Standard (PCI DSS) requirements.

July 24, 2018January 14, 2020 0 comment

Firewall PCI DSS

PCI Compliance Firewall Requirements (PCI DSS Req. 1)

by RSI Security July 23, 2018November 19, 2024

written by RSI Security

With the rise of credit cards and online banking, financial theft has gradually shifted away from physical bank robberies to electronic payment fraud. Although payment cards facilitate convenient financial transactions for society, they also offer an ideal opportunity for threat actors to remotely steal a person’s identity or breach a companys information database. While all cybersecurity solutions are important, we want to first dive into how to increase your security across the payment card industry.

July 23, 2018November 19, 2024 0 comment

PCI DSS

Developing a Cybersecurity Policy for Incident Response and Prevention (PCI DSS Req 12.1)

by RSI Security July 23, 2018December 3, 2024

written by RSI Security

Were not even midway through 2018, and this year has already seen some of the most high profile companies and brands become victims to potentially malicious cyber attacks. Delta Airlines, Sears, and Panera Bread are just a few examples of high-profile companies that have had to contend with data breach and unauthorized access by outsiders so far this year.

July 23, 2018December 3, 2024 0 comment