Resources

Datasheet
Datasheet

Tripwire ExpertOps and PCI

The Payment Card Industry Data Security Standard ( PCI DSS ) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft...
Compliance
PCI DSS
Datasheet
Datasheet

Tripwire Resident Engineers

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Compliance
NERC CIP
NIST
PCI DSS
SOX
Datasheet
Datasheet

Tripwire’s Solutions for Automated, Continuous PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments secure the cardholder environment to prevent credit card fraud, cyber threats, and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting, and storing credit card data to minimize the theft...
Compliance
PCI DSS
Case Study
Case Study

Payment Processor for Businesses

As a recognized leader in the payment processing sector, this company offers its clients hundreds of secure payment methods across multiple platforms, around the globe. Onan average day it processes tens of millions of mobile, online and in-store transactions in 100+ currencies. After experiencing a security incident that was quickly contained, the company took the opportunity to revamp its entire...
Compliance
PCI DSS
PCI 4.0: The wider meanings of the new Standard
Blog
Blog

PCI 4.0: The wider meanings of the new Standard

By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0 , contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs from the previous version, we examined some of the...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 10, 11 and 12
Blog
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0 , one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function in an organization, it is possible to “geek out...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
Blog
Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

By David Bruce on Wed, 06/22/2022
In Part 1 of this series , we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability Management Program Requirement 5: Protect All Systems and...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
Blog
Blog

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems for those who want to phase in the new standard...
Compliance
PCI DSS
Dynamic Duo
Blog
Blog

PCI DSS 4.0 and ISO 27001 – the dynamic duo

By Tripwire Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by version 4.0 of the PCI DSS standard. Although...
Compliance
PCI DSS
PCI DSS 4.0 is Here: What you Need to Consider
Blog
Blog

PCI DSS 4.0 is Here: What you Need to Consider

By David Bruce on Tue, 04/26/2022
The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be updated to address those changes. The most...
Compliance
PCI DSS
How Achieving Compliance with PCI DSS Can Help Meet GDPR Mandates
Blog
Blog

How Achieving Compliance with PCI DSS Can Help Meet GDPR Mandates

By Tripwire Guest Authors on Sun, 11/14/2021
Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy is concerned. While GDPR is an international data...
Compliance
PCI DSS
PCI DSS 4.0 Is Coming – Are You Ready?
Blog
Blog

PCI DSS 4.0 Is Coming – Are You Ready?

By Editorial Staff on Wed, 03/03/2021
Ransomware today is a billion-dollar industry. It’s crippled industries like healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom’s National Health Service to its knees using the EternalBlue exploit. It was just a few weeks later when the NotPetya ransomware strain leveraged that same vulnerability to attack lots of industries. These attacks and others like them were made...
Compliance
PCI DSS
Steps for PCI DSS Gap Analysis
Blog
Blog

Steps for PCI DSS Gap Analysis

By Tripwire Guest Authors on Mon, 01/11/2021
Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security posture against what is expected and needs to be...
Compliance
PCI DSS
A Checklist for Preparing for Your Organization's Next PCI Audit
Blog
Blog

A Checklist for Preparing for Your Organization's Next PCI Audit

By Anthony Israel-Davis on Wed, 07/01/2020
Organizations cannot afford to neglect their PCI compliance obligations. According to its website , PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, they must ensure they’re...
Compliance
PCI DSS
Blog
Blog

Verizon’s 2019 Payment Security Report – Not Just for PCI

By Anthony Israel-Davis on Tue, 12/03/2019
If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals. While it focuses on the PCI DSS standard and...
Compliance
PCI DSS
Strong Customer Authentication: A Vehicle for PCI-DSS Compliance
Blog
Blog

Strong Customer Authentication: A Vehicle for PCI-DSS Compliance

By Anastasios Arampatzis on Tue, 09/03/2019
Payment services that operate electronically should adopt technologies that guarantees the safe authentication of the user and reduces, to the maximum extent possible, the risk of fraud. In order to achieve this, the European Union in 2007 passed the Payment Services Directive (PSD). The aim of this legislation is to regulate payment services and payment service providers throughout the European...
Compliance
PCI DSS
A Beginner’s Guide to PCI Compliance
Blog
Blog

A Beginner’s Guide to PCI Compliance

By Megan Freshley on Tue, 04/23/2019
PCI DSS, or the Payment Card Industry Data Security Standard, is the set of requirements for organizations who process card payments. Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they’re not equipped with the proper knowledge and tools. Let’s take a quick look at the basics of PCI compliance, what the actual requirements consist of and methods...
Compliance
PCI DSS
How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance
Blog
Blog

How the CIS Controls Can Help You Achieve PCI DSS 3.2 Compliance

By David Bisson on Sun, 08/05/2018
Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2 superficial and short-lived. To beat those challenges...
Compliance
CIS Controls
PCI DSS
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog
Blog

PCI DSS Version 3.2.1 Published by PCI Security Standards Council

By David Bisson on Mon, 05/21/2018
The Payment Card Industry Security Standards Council (PCI SSC) published a minor revision to version 3.2 of its Data Security Standard (PCI DSS). On 17 May, PCI SSC published PCI DSS version 3.2.1. The purpose of the update was to clarify organizations' use of the Standard and when they would need to upgrade their use of common cryptographic protocols. PCI SSC Chief Technology Officer Troy Leach...
Compliance
PCI DSS
3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them
Blog
Blog

3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them

By Editorial Staff on Sun, 05/20/2018
The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to minimize the theft, exposure and leakage of their customer’s personal and financial credit information by strengthening weakened security controls. For...
Compliance
PCI DSS