
The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.


ERIC SAMPSON

Eric Sampson is a Manager at Schellman. Eric began his professional career in 2005 while working as an IT auditor in Philadelphia. Eric executed several critical projects for clients in the areas of information security and Service Organization Controls (SOC) reporting projects. To date, Eric has provided services to clients in the healthcare, information technology, and financial services industries, among others.


Payment Card Assessments | PCI DSS v4.0

By: ERIC SAMPSON
August 24th, 2023

Among the many changes in the new PCI DSS v4.0 are those regarding requirement 11.4.4, which refers to the remediation of "exploitable vulnerabilities" and "security weaknesses". History has more clearly established what is meant by the former, but there may be some confusion concerning the latter as organizations continue to make the transition to the new version.


By: ERIC SAMPSON
October 25th, 2017

Well over a year ago, the PCI Standards Council announced, in addition to other requirements, that a PCI charter would now be required for service providers after January 31, 2018. Few service providers have implemented this yet, but all will soon need one to maintain or achieve PCI compliance.


News | Payment Card Assessments

By: ERIC SAMPSON
May 12th, 2016

This month, Wal-Mart Stores Inc. sued Visa Inc. for the right to require customers to enter a PIN when using a chip-based debit card. Currently, customers have the option to pass on entering a PIN and write a signature instead. The problem with that, according to Wal-Mart, is that merchants like Wal-Mart must pay about an additional five cents per signature transaction. The Wall Street Journal reports that as the most frequently used form of payment at Wal-Mart, debit card transactions account for 70% of the dollar value of card payments for the retail giant.


Payment Card Assessments

By: ERIC SAMPSON
April 4th, 2016

Coming in April 2016, the PCI Security Standards Council (SSC) is releasing an incremental update to the PCI DSS in version 3.2. As an incremental update, it makes minor changes to the PCI DSS requirements, but some of those changes are significant. For the community that implements the PCI DSS, here's what you need to know:


Payment Card Assessments | Third Party

By: ERIC SAMPSON
December 10th, 2014

The PCI Security Standards Council (SSC) recently published an information supplement on third-party security assurance that provides a set of guidelines for managing third-party service provider (TPSP) relationships and PCI DSS compliance requirements. The guidance applies to entities that use or are considering the use of TPSPs, and to the TPSPs themselves, who have access to, or can impact the security of, cardholder data (CHD) or the cardholder data environment (CDE). The SSC defines an entity as any organization that has the responsibility to protect card data and may leverage a TPSP to support it in card-processing activities or to secure card data.


Payment Card Assessments

By: ERIC SAMPSON
October 3rd, 2014

The media has been filled with stories of high-profile credit card breaches, including those at Target, Neiman Marcus, P.F. Chang's and, most recently, Home Depot. Details on the Home Depot breach are still emerging, but the details of the Target and Neiman Marcus breaches are well known and are leading the public to ask whether it will happen again.


Payment Card Assessments

By: ERIC SAMPSON
June 30th, 2014

PCI levels are categories that the PCI Security Standards Council (SSC) and the card brands (Visa, MasterCard, American Express, Discover, and JCB) use to determine PCI compliance validation and reporting requirements for both merchants and service providers. The levels are numbered 1 through 4, with Level 1 being the highest.