
Blog

The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

Blog Feature

PCI

By: Schellman
May 27th, 2021

Earlier this month, Oracle Cloud Infrastructure (OCI) published a Reference Architecture allowing merchants to use OCI resources to quickly build an environment that can help meet the intent and rigor of the Payment Card Industry Data Security Standard (PCI DSS). As merchants looking to get into the business of taking credit card transactions online often encounter additional challenges in architecting a secure and available framework that meets industry standards—such as PCI DSS—this Reference Architecture should now help alleviate some of that confusion surrounding initial compliance while also demystifying some of the other, more confusing aspects of the standard.  Having had the privilege of working with the team at OCI, Schellman reviewed the OCI Reference Architecture as an independent assessor—during that process, we found some key advantages that are outlined below:

Blog Feature

Payment Card Industry (PCI) Data Security | PCI

By: MATT CRANE
September 6th, 2018

Here we are again, off to the races on a fresh new release of the Payment Card Industry Security Standards Council’s (PCI SSC) flagship security standard PCI-DSS v 3.2.1. Aside from an exciting new version that sounds like a countdown, there are some changes that organizations storing, processing or transmitting cardholder data need to know about. The most notable change is that the council no longer considers SSL v3 and early versions of TLS an acceptable means to protect cardholder data (CHD), system administration, or authentication credentials. Some other minor updates made were removing past-dated best practice requirements and formatting changes to the reporting template.

Blog Feature

Payment Card Industry (PCI) Data Security | PCI | Pen Testing

By: KATE DONOFRIO
August 22nd, 2017

As a follow-up to the "What 2018 Means for Your PCI DSS Assessment" article I posted, a client of mine had a great question regarding the future date for the semi-annual segmentation penetration test requirement for service providers.  They were curious what the February 1, 2018 date meant specifically for their compliance. For instance, if they previously completed a segmentation penetration test in August 2017, would they be required to perform another test six months later, as the requirement would be applicable on February 1, 2018?  Or, would they instead be required to perform a segmentation penetration test six months from the February 1, 2018 date?

Blog Feature

PCI

By: KATE DONOFRIO
April 17th, 2017

Some of you may have just read the blog title and believe I made a typo on the year, but no, I am here to talk about PCI DSS in 2018. I know it seems crazy to be discussing 2018, as we are all just getting settled into 2017, but at the realization that it is already April, and somehow January, February, and March flew by like I was in a warp tunnel, I feel it’s appropriate to start discussing 2018.

Blog Feature

PCI

By: PHIL DORCZUK
March 22nd, 2017

Executive Summary: Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization environments, and/or “standard” image-based cloud deployments at Amazon or Microsoft. With that comes opportunity for deployment engineers, but also challenges for security and compliance professionals. This post provides you with some perspective on technical architecture for Docker and specific use cases for configuring Docker containers for PCI compliance. Where I could, I provide screenshots and examples for a test Docker environment created for this purpose.

Blog Feature

PCI

By: KATE DONOFRIO
February 1st, 2017

As we all were working hard, with holiday vacations and a new year in our reach, the PCI SSC released a guidance document that has been long awaited. The Guidance on Scoping and Segmentation was released to all in December 2016.

Blog Feature

PCI | Education

By: KYLE YOUNG
December 8th, 2016

What keeps security professionals up at night isn’t the idea of outsider threats attacking their companies—it’s their employees. Nearly 61 percent of security leaders surveyed said their biggest issue is worrying about negligent or malicious employees, which they claim are responsible for over half of their organization’s data breaches or security incidents.

Blog Feature

PCI | Pen Testing

By: JACOB ANSARI
September 15th, 2016

Originally published at blog.pcisecuritystandards.org. In this post, we get insights from Jacob Ansari, Manager at Schellman & Company, LLC. He will present “Hunting Paper Tigers: A Security-First Approach to Compliance” at the North America Community Meeting in Las Vegas.