ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.



  1. Home
  2. ControlScan Blog

Best Practices for Remote Security Assessments

April 1, 2020Published by

What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.

  Read More   

Crypto-Agility in the Era of Quantum

March 23, 2020Published by

While quantum capabilities are still a few years out, it’s important to be thinking about their future impacts to our crypto systems today. How will we prepare and upfit our systems to meet the challenge of tomorrow’s adversaries? There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era.

  Read More   

Payments Industry Trends Leading the Way in Security, Fraud Prevention

March 12, 2020Published by

After leaving the March 2-5 conference, I ate lunch at an open seating restaurant at the airport. Over lunch I educated two people on the latest Intelligence on credit card security and fraud, armed with new stats and insights I’d picked up at the MAC Level Up conference. This was proof positive that MAC delivers as it relates to educational content and relevance. In this post, I will share my biggest takeaways from the conference.

  Read More   

PCI PIN Security: v3.0 and QPA Program Now in Effect

October 10, 2019Published by

As of last week—October 1 to be exact—all new assessments for protection of payment card personal identification number (PIN) data must be performed against the latest Payment Card Industry (PCI) PIN Security Requirements and Testing Procedures, version 3.0. The now-effective PCI PIN Security Standard includes changes to requirements and sunset dates that may have a […]

  Read More   

Data Breach vs. Fraud: What’s the Difference?

March 20, 2019Published by

Counterfeit payment cards, stolen payment cards, use of an assumed identity to complete a credit card application… these are easily-recognizable examples of payment card fraud. When a fraud incident occurs in the retail setting, it’s often contained with only small losses occurring to the merchant involved. But what happens when a payment card data breach occurs at that same business? Are its causes and consequences basically the same?

  Read More   

The Number One Reason Businesses Fail Their QSA Audit

August 16, 2018Published by

In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. We’ve identified the number one reason businesses fail their PCI QSA audit, and it’s not what you may think.

  Read More   

Does Your Business Need a PCI DSS Readiness Assessment?

July 27, 2018Published by

A PCI DSS readiness assessment (also known as a gap analysis) is an effective method for finding and fixing compliance holes efficiently and economically. Read this post to learn if your business can benefit from a readiness assessment.

  Read More   

Next »



Back to Top