New Guidance for PCI DSS v4.0 SAQ-A Eligibility Criteria

After the PCI SSC dropped the revised SAQ-A at the end of January 2025, a FAQ (1588) has been issued to clarify how to meet the new eligibility criteria now that some controls have been removed from scope. A quick refresher on the changes … “The merchant has confirmed that their site is not susceptible to attacks […]

How does PCI DSS v4.0 affect an entity’s website compliance?

PCI DSS is not a new thing; in fact, it has been around since December 2004. As with any security programme, it has been regularly updated to ensure it is fit for purpose in the modern day. It’s due another major change, moving from its current iteration (3.2.1) to Version 4.0. The latest version is […]

ChatGPT: An Overview of Potential Security Vulnerabilities

ChatGPT is on everybody’s lips. LinkedIn is awash with posts. It’s a hot topic. Depending on what you read, it’s going to improve the world, put us all out of jobs and/or send a T800 to 1984 to kill Sarah Connor. We thought we would jump on the bandwagon and ask it a question of […]

Social Engineering: Smishing & Vishing

On Thursday, 24th November 2022 the Met Police lifted the media embargo to report on the largest fraud case resulting from social engineering. It has been reported that £48M has been taken collectively, with one victim reportedly losing £3m. Sky News’ report can be read here: UK’s Biggest Fraud Sting Takes Down Phone Bank Scam that […]

PCI DSS version 4.0 Release Schedule

The PCI SSC has announced that PCI DSS version 4.0 is scheduled for publication at the end of March 2022. A number of our QSA clients have been longing for a peek at the draft version, however I’ve signed my life away under a non-disclosure agreement with the PCI SSC so I’m still obligated to […]

Time is Running out for E-Commerce Merchants Running Magento Version 1.x

E-Commerce merchants who are still using Magento version 1.x as their on-line shopping cart will soon run out of time to move to a supported version! When Magento version 2.0 was released back in November 2015, E-Commerce merchants and developers were informed that Magento version 1 had a limited shelf life and would become obsolete. The initial end-of-life date given was November 2018; however, pushback from developers and merchants alike resulted in a revised end-of-life date of June 2020. As an experienced Information Security Consultant and PCI QSA one of the

PCI DSS v3.2.1 Regular Tasks

To maintain PCI DSS compliance, there are a number of tasks which must be conducted on a regular basis. I’ve taken the liberty of collating all of these regular tasks into one table. Where the frequency of a task is “regular” or “periodic”, I have made a recommendation based upon my experience as a QSA. Dependent upon the environment and threat landscape, it could be justified for these indeterminate frequencies to shift in either direction. Note that this table assumes a SAQ-D equivalent environment with all PCI DSS controls being in play. The shape of the regular

Lies, damned lies and PCI DSS compliant E-Commerce hosting and service provision

As a PCI DSS Qualified Security Assessor, I’ve had this conversation far too many times now. Many hosting providers make claims of PCI DSS compliance, however when trying to verify that compliance we are met with obfuscation and frustration. I have seen so many certificates, ASV scan reports, merchant attestations and other documents which service […]

Is a present really a present?

The January blues are in full flow around the nation and not only am I in a grump but I’m being massively ungrateful to boot! Allow me to explain. This year, we moved to lovely new serviced offices and, to prove that I’m not always in a crank, we participated in Secret Santa with the other companies who share […]