
Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Eric Sampson

Eric Sampson is a Director at Schellman, where he helps lead the PCI practice and works with clients across industries including merchants, cloud and technology service providers, healthcare, eCommerce, and financial services. With over 20 years of experience, Eric has guided hundreds of client engagements in areas including PCI, SOC, WebTrust for Certification Authorities, HIPAA, Federal PKI, and agreed-upon procedures.


Payment Card Assessments

By: Eric Sampson
August 24th, 2023

Among the many changes in the new PCI DSS v4.0 are those regarding requirement 11.4.4, which refers to the remediation of "exploitable vulnerabilities" and "security weaknesses." Though history has more clearly established what is meant by the former, there may be some confusion concerning the latter as organizations continue to make the transition to the new version.


By: Eric Sampson
October 25th, 2017

Well over a year ago, the PCI Standards Council announced, in addition to other requirements, that a PCI charter would now be required for service providers after January 31, 2018. Few service providers have implemented this yet, but all will soon need one to maintain or achieve PCI compliance.


Payment Card Assessments

By: Eric Sampson
October 3rd, 2014

The media has been filled with stories of high-profile credit card breaches, including those from Target, Neiman Marcus, P.F. Chang’s and most recently Home Depot. Details on the Home Depot breach are still emerging, but the details around the Target and Neiman Marcus breaches are well known and are causing the public to ask whether it will happen again.


Payment Card Assessments | PCI DSS

By: Eric Sampson
June 30th, 2014

If your business has been flagged as needing a PCI DSS assessment because you're classified as a "Merchant Level 2" (or Level 1, 3, or 4), you're probably wondering: What does that actually mean? And more likely, what’s the difference between these levels, anyway?
