ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.

April 1, 2020Published by

What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.


March 23, 2020Published by

While quantum capabilities are still a few years out, it’s important to be thinking about their future impacts to our crypto systems today. How will we prepare and upfit our systems to meet the challenge of tomorrow’s adversaries? There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era.


March 12, 2020Published by

After leaving the March 2-5 conference, I ate lunch at an open seating restaurant at the airport. Over lunch I educated two people on the latest Intelligence on credit card security and fraud, armed with new stats and insights I’d picked up at the MAC Level Up conference. This was proof positive that MAC delivers as it relates to educational content and relevance. In this post, I will share my biggest takeaways from the conference.


October 10, 2019Published by

As of last week—October 1 to be exact—all new assessments for protection of payment card personal identification number (PIN) data must be performed against the latest Payment Card Industry (PCI) PIN Security Requirements and Testing Procedures, version 3.0. The now-effective PCI PIN Security Standard includes changes to requirements and sunset dates that may have a […]


March 20, 2019Published by

Counterfeit payment cards, stolen payment cards, use of an assumed identity to complete a credit card application… these are easily-recognizable examples of payment card fraud. When a fraud incident occurs in the retail setting, it’s often contained with only small losses occurring to the merchant involved. But what happens when a payment card data breach occurs at that same business? Are its causes and consequences basically the same?


August 16, 2018Published by

In the business world, compliance audits are a fact of life. Standards must be followed, and each governing body must receive its assurances. We’ve identified the number one reason businesses fail their PCI QSA audit, and it’s not what you may think.


July 27, 2018Published by

A PCI DSS readiness assessment (also known as a gap analysis) is an effective method for finding and fixing compliance holes efficiently and economically. Read this post to learn if your business can benefit from a readiness assessment.


July 16, 2018Published by

Merchant service providers implement PCI compliance programs to lessen the likelihood of a data breach happening among the merchants within their portfolios. These programs help raise awareness of, and compliance with, the Payment Card Industry Data Security Standard (PCI DSS).But compliance is no small task, and applying the PCI DSS principals across a portfolio of tens (or even hundreds) of thousands of merchants can be daunting. That’s why I’m here at ControlScan: It’s my job to ensure our partners achieve measurable PCI compliance program success.



June 25, 2018Published by

How do you find the best PCI QSA for your company? Here are the 6 criteria you should apply when searching for your next Qualified Security Assessor.

  Read More