In this January edition of the PCI Monthly Update, we’re on the brink of exciting changes with version 4.0 just around the corner! We start with a spotlight on the ongoing Request for Comments (RFC) period for PCI DSS v4.0, inviting insights from industry experts. Plus, we discuss the Global Content Library, showcasing insights from the 2023 Community Meetings. Our focus then shifts to Requirement 9, where we break down the critical protocols for restricting physical access to cardholder data. We'll cover everything from documenting security policies to managing visitor access, ensuring secure ..read more

Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment highlighting the PCI SSC's TRA Guidance. Next, we delve into Requirement 8 of the PCI DSS, dedicated to identifying users and authenticating access to system components. We'll explore the intricate details of this requirement, covering sub-requirements 8.1 to 8.6. These discussions will include processes for user identification, strict management of user and administrator accounts, strong authentication methods ..read more

Dive into the latest in the PCI landscape with our October update. We kick off with a news segment spotlighting the new SAQ SPOC (Software PIN Entry on COTS) which includes portions of PCI DSS Requirements 3, 8, 9, and 12. Transitioning to Requirement 7, we discuss restricting access to system components and cardholder data based on business necessity, delving into sub-requirements 7.1 to 7.3, and discussing the principles of 'need to know' and 'least privileges.' Our QSA Q&A segment addresses the applicability of Requirement 7 to customer/cardholder accounts, clarifying the scope and ..read more

Catch the latest news in our September "PCI Monthly Update" from Tuesday, September 26, 2023. We kick things off with key insights from the recent PCI Community Meeting. Next, we dive into Requirement 6, discussing the essence of secure software development, from processes to security vulnerabilities, web application protection, and change management. Our QSA Q&A segment addresses a vital question: What documentation should you expect from PCI DSS compliant service providers? Join us for a succinct roundup of September's essential PCI updates and insights. Perfect for both newcomers and se ..read more

Tune in to the August edition of our PCI Monthly Update. We kick off with a sneak peek into the upcoming PCI North America Community Meeting in Portland and introduce the newly launched PCI Community Job Board—a dedicated platform for security talent and job postings in the payment industry. Next, we delve into Requirement 5, shedding light on anti-malware solutions. We explore the criteria for system components which do not require anti-malware, delve into the specifics of anti-malware implementation, and highlight the periodic evaluations required for maintaining optimal security. Wrapping u ..read more

Dive into the latest PCI news in our July PCI Update. This episode covers key PCI developments, an in-depth exploration of Requirement 4, and a helpful QSA Q&A. We kick off this episode by previewing the upcoming PCI Community Meeting in Portland and discuss our hosts' presentation on "Generative AI: Your New Secret Weapon or an Insider Threat?" We also talk about the INFI worksheet and the importance of Continuous Compliance. In the Requirement 4 segment, we focus on strong cryptography, robust security protocols, and the need to secure PAN during transmission over public networks. We hig ..read more

Do you know the average payout organizations are hit with for every attack? William Parks and Bill Dean discuss a service dedicated to helping your organization (big or small) withstand a ransomware attack. Bill and his team are ready to help you and your organization obtain peace of mind when it comes to these advanced threats.  Questions for Bill? Find him here: bill.dean@lbmc.com ..read more

LBMC Shareholder Bill Dean and William Parks spend today’s episode discussing Advance Guard, a new service offering from LBMC's Security Technical Team. Learn how Advance Guard may help protect your organization's most valuable assets, save time on compliance audits, and give peace of mind about your current security stance.  Want to see Bill’s “Prescription”? Check out the link below: https://www.lbmc.com/wp-content/uploads/2023/01/AdvanceGuard-Sample-Schedule.pdf Questions for Bill? Find him here: bill.dean@lbmc.com ..read more

Stay up to date with the latest in PCI compliance. In this episode, William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest in PCI news, new restrictions around PAN data, and how to master Requirement 3 while preparing for PCI 4.0. Don't miss our upcoming webinar: "How to Reduce Your PCI Scope: Tips & Technology Your Organization Needs to Know" on Thursday, April 13 at 11am CT. Register Now! For any questions, feel free to reach out to us here: Kyle Hinterberg: kyle.hinterberg@lbmc.com Andy Kerr: andy.kerr@lbmc.com William Parks: william.parks@lbmc.com ..read more

ChatGPT is making headlines worldwide and its impact is making a lot of business owners uncomfortable. What is ChatGPT? How will this tool change how you do business? Is ChatGPT a security risk? What to expect from ChatGPT4? William Parks interviews LBMC's Data Insights team members to discuss this controversial topic, dive into facts your organization needs to know, and explore probable scenarios that could happen with this level of Artificial Intelligence. Want more insights? Contact LBMC's Data Insights team: Jon Hilton, Shareholder (jon.hilton@lbmc.com) Will Son, Senior Manager (will.son@l ..read more