Companies recertifying for the second or third year of PCI compliance are having a rough go of things as of late. A combination of the latest clarifications within the revised PCI DSS standard, along with the recent scoring matrix that compels assessors to ensure they have done a thorough job as part of the review, have caught an unfortunate number [continue]

A number of dynamics are at work that have made attaining PCI compliance a more difficult proposition over previous years. The guidance assessors are receiving from the PCI Council is that evidence must be provided that demonstrates your Infosec program is in place and functioning as designed. Expect to respond to requests for multiple change records that cover [continue]