ControlScan Blog

Stay informed with the latest security + compliance updates, news and best practices.

July 16, 2018Published by

Merchant service providers implement PCI compliance programs to lessen the likelihood of a data breach happening among the merchants within their portfolios. These programs help raise awareness of, and compliance with, the Payment Card Industry Data Security Standard (PCI DSS).But compliance is no small task, and applying the PCI DSS principals across a portfolio of tens (or even hundreds) of thousands of merchants can be daunting. That’s why I’m here at ControlScan: It’s my job to ensure our partners achieve measurable PCI compliance program success.



June 25, 2018Published by

How do you find the best PCI QSA for your company? Here are the 6 criteria you should apply when searching for your next Qualified Security Assessor.


March 29, 2018Published by

Outpacing cybercriminals’ tools and techniques is tough work, and that’s why the payments industry is embracing payment security innovation. ControlScan Executive Chairman Tom Wimsett recently sat down with Jason Oxman, CEO of the ETA, to discuss the challenges facing acquirers, ISOs, processors and payment facilitators as they work to assist merchants with security and compliance.


December 12, 2017Published by

Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.


October 30, 2017Published by

On October 5th, 1953, the New York Yankees became the only team in baseball history to win five championships in a row. Today I’m pleased to tell you that ControlScan has passed the PCI Approved Scanning Vendor (ASV) revalidation test, also for the fifth consecutive year!This was no easy feat. Read on to learn how we did it.


July 16, 2017Published by

Payment card data security isn’t a new concept, yet businesses everywhere still can’t get it right. The payment card industry has a growing body of standards, merchants and technology providers strive to follow them, and consumers continue to demand them.But payment card data breaches still happen. Regularly. Why?It’s time we upped the ante on our efforts to help merchants protect themselves.


January 9, 2017Published by

Each information security framework was created for a purpose, but the shared goal is some form of assurance that sensitive data is effectively protected. Unfortunately, compliance requests vary by client and too frequently are based on incorrect assumptions or a check-list mentality that jeopardizes true information security.Identifying the right security framework (or set of frameworks) for your organization not only provides real information security assurance, it also gives you the opportunity to consolidate the audits you’re conducting or undergoing to save valuable time and money.


November 15, 2016Published by

Third party relationships make your life easier in a multitude of ways, from streamlining processes, to providing additional human resources, to ensuring operational efficiency. Unfortunately, these relationships also introduce increased business risk related to data security and compliance.If one or more of your third party vendors doesn’t maintain a strong security posture and is consequently compromised, your business could very well end up sharing the burden of recovery. Read this ControlScan blog post for three steps you can take to lessen your business’s third party risk.


July 12, 2016Published by

Event log monitoring—or keeping an eye on your system logs for security and compliance purposes—can be a challenge. Here at ControlScan we see businesses and their IT teams struggling with its implementation and/or maintenance just about every day.

  Read More