Eric Sampson is a Manager at Schellman. Eric began his professional career in 2005 while working as an IT auditor in Philadelphia. Eric executed several critical projects for clients in the areas of information security and Service Organization Controls (SOC) reporting projects. To date, Eric has provided services to clients in the healthcare, information technology, and financial services industries, among others.
Payment Card Assessments | PCI DSS v4.0
By:
ERIC SAMPSON
August 24th, 2023
Among the many changes in the new PCI DSS v4.0 are those regarding requirement 11.4.4, which refers to the remediation of "exploitable vulnerabilities" and "security weaknesses”—though history has more clearly established what is meant by the former, there may be some confusion concerning the latter as organizations continue to make the transition to the new version.
By:
ERIC SAMPSON
October 25th, 2017
Well over a year ago, the PCI Standards Council announced, in addition to other requirements, that a PCI charter would now be required for service providers after January 31, 2018. Few service providers have implemented this yet, but all will soon need one to maintain or achieve PCI compliance.
News | Payment Card Assessments
By:
ERIC SAMPSON
May 12th, 2016
This month, Wal-Mart Stores Inc. sued Visa Inc. for the right to require customers to enter a PIN when using a chip-based debit card. Currently, customers have the option to pass on entering a PIN and write a signature instead. The problem with that, according to Wal-Mart, is that merchants like Wal-Mart must pay about an additional five cents per signature transaction. The Wall Street Journal reports that as the most frequently used form of payment at Wal-Mart, debit card transactions account for 70% of the dollar value of card payments for the retail giant.
By:
ERIC SAMPSON
April 4th, 2016
Coming in April 2016, the PCI Security Standards Council (SSC) is releasing an incremental update to the PCI DSS in version 3.2. As an incremental update, there are minor changes to the PCI DSS requirements but some of the changes are significant. To the community who implement the PCI DSS, here’s what you need to know:
Payment Card Assessments | Third Party
By:
ERIC SAMPSON
December 10th, 2014
The PCI Security Standards Council (SSC) recently published an information supplement on third-party security assurance that provides a set of guidelines for understanding how to manage third-party service provider (TPSP) relationships and PCI DSS compliance requirements. The guidance applies to entities who use or are considering the use of TPSPs and to the TPSPs themselves, who have access to, or can impact the security of cardholder data (CHD) or the cardholder data environment (CDE). The SSC defines an entity as any organization that has the responsibility to protect card data and may leverage a TPSP to support them in card-processing activities or to secure card data.
By:
ERIC SAMPSON
October 3rd, 2014
The media has been filled with stories of high profile credit card breaches, including those from Target, Neiman Marcus, P.F. Chang’s and most recently Home Depot. Details on the Home Depot breach are still emerging, but the details around the Target and Neiman Marcus breaches are well known and causing the public to ask if it will happen again?
By:
ERIC SAMPSON
June 30th, 2014
PCI levels are categories that the PCI Security Standards Council (SCC) and card brands (VISA, MasterCard, American Express, Discover, and JCB) use to determine PCI compliance validation and reporting requirements for both merchants and service providers. The levels are numbered 1 through 4, with 1 at the highest level.