The Schellman Blog

If you're an e-commerce merchant using an iframe or redirect for payment processing, recent updates to the PCI DSS SAQ A may impact how you maintain compliance. While these changes simplify requirements, a new eligibility rule has been introduced that could affect your compliance status. Here’s what you need to know.

For e-commerce merchants, navigating PCI compliance can be complex, especially when it comes to determining eligibility for Self-Assessment Questionnaire A (SAQ A). If you're unsure whether your business qualifies or what completing the SAQ entails, this guide will help clarify key requirements, recent updates, and potential consequences of non-compliance.

Hi, I'm Matt Crane. I'm a leader in the Payment Security Practice, and today we're going to tackle what exactly cardholder data is because the PCI Council has introduced a new term in PCI DSS v4.0. But first, let's talk about PCI DSS v3.2.1, because--similar to the dinosaurs on my shirt in this video--some of the terminology in v3.2.1 is now extinct, as this version was officially retired on March 31, 2024.

We've received a lot of questions recently about the new access control requirements and PCI DSS version 4. Today, we're going to review those and hopefully we can answer your questions.

In the realm of data security and compliance, one term that frequently arises is "scope." It's a pivotal concept, particularly within the context of the Payment Card Industry Data Security Standard (PCI DSS). In this video, Senior Manager Sully Perella discusses what's in scope for PCI DSS compliance and how your organization may have compliance implications even if you don't directly handle cardholder data.

Organizations pursuing PCI standards for the first time often struggle to understand where they currently stand. A readiness assessment can help by providing a clear evaluation of your organization’s current environment, identifying gaps, and preparing your team for the formal validation process.

Many organizations preparing for PCI DSS compliance wonder whether they should get a readiness assessment or just skip directly to full validation. Matt Crane, Director of Schellman’s PCI Practice, explains what a PCI DSS readiness assessment is and the value it brings.