

PCI DSS and What It Means for You



Running a business in the digital age is no easy feat. This is especially true nowadays, when consumer data security is at the forefront of the conversation.

Data breaches have hit even some of the biggest multinationals out there, enabling the exposure of sensitive user data and compromising the privacy and trust of their customers. When it’s payment card data that leaks on a large scale like this, the damage goes far beyond consumer confidence.


Individual customers’ financial lives can be severely hurt when their sensitive data gets into the wrong hands.

That’s why it’s incredibly crucial to secure cardholder data, which is what PCI DSS aims to do.

Like many compliance programs, the Payment Card Industry Data Security Standard (PCI DSS) is designed to ensure a more stable and secure vendor, which leads to a more reliable payment card industry overall. PCI DSS ensures that you, your fellow merchants, and all the stakeholders in the payment card industry are held to a rigorous industry standard for security.

But what about your business – do you need to be PCI DSS compliant?

If you store, process, or transmit cardholder data, the short answer is yes, but let’s go over a few things for you to understand exactly why this data security regulation is so vital and why it’s so important for your business.

What is PCI DSS?

All merchants and service providers that process payment card information must comply with PCI DSS, which is a set of controls and obligations that reduce the likelihood of cardholder data being compromised.

To put it simply: PCI DSS is a set of requirements that businesses who touch payment card data must follow as part of an industry-wide program against credit card fraud and loss.

The most recent DSS version from the Security Standards Council (SSC), which is a consortium of payment card brands like Visa and MasterCard, contains 12 requirements that merchants and service providers must implement.

A dozen boxes to tick doesn’t sound too difficult, right?

Not so fast: within these 12 requirements are hundreds of sub-requirements. Installing firewalls, encrypting cardholder data, performing patch management and maintaining traceable records are just a few of the requirements for PCI DSS compliance, many of which are complex and can require an entire cross-functional team to tackle.

Some of these requirements may be especially difficult for smaller organizations to meet, particularly without any expert help.

Who needs to comply with PCI DSS requirements?

So, how do you know if your business needs to worry about attaining and maintaining compliance?

PCI DSS applies to any organization, without regard to size, value, or number of transactions, if that organization collects, transmits, maintains, or transfers cardholder data. Anyone who transacts a major brand card such as American Express, Discover, MasterCard or Visa must comply with the PCI DSS requirements.

In other words, if payment card data touches your network at any point, you must comply.

For smaller organizations out there, the journey to reaching full PCI DSS compliance without any help may seem incredibly daunting – but failing to fulfill the requirements can and does lead to hefty consequences.

What happens when you don’t comply with PCI DSS?

Like GDPR and CCPA requirements, non-compliance is not an option for PCI DSS requirements. Although PCI DSS is technically not a law, as GDPR and CCPA both are, businesses agree to adhere to PCI requirements when they engage in any activity related to the payment card industry.

Failure to comply with PCI DSS could cost you dearly, particularly if you ever have a breach of payment card data. The penalties for non-compliance range from sizable monetary fines to getting your ability to process payment cards revoked – both of which can be detrimental for an early-stage company.

These can be just the tip of the iceberg compared to the total financial harm caused by non-compliance.

From there, businesses may have to pay to inform every individual impacted by the data breach, reissue cards, pay legal fees – the list goes on. The fines for non-compliance are just the start, and don’t even factor the brand damage a data leak causes and the loss of consumer trust that follows. Brand image is, in fact, one of the biggest vulnerabilities when it comes to data security.

According to research from the Ponemon Institute, 61% of Chief Marketing Officers believe that the largest cost of a security incident is the erosion of brand value.

Not only should you, as a business leader, want to maintain a secure cardholder data environment (CDE) for your customers, but you should also want to avoid the liability of not implementing these compliance requirements.

The question, therefore, should not be “is PCI compliance mandatory” (it is), but rather “why would you take the risk of not implementing it?”

Understanding that PCI DSS compliance is absolutely vital is the first step – but how would a business go about becoming compliant?

The DIY approach to PCI compliance

To build a PCI compliant network you will, at a minimum, need to complete the following steps.

Step one: Download the PCI DSS details from the Security Standards Council, then review and study them. There are resources that will help you understand how to comply. Read through them and understand the challenges ahead.

Step two: Conduct a risk assessment to determine the robustness of the controls and how you will mitigate the risks. Not every control applies to every environment. Use your risks to find the gaps you need to fill. It can be helpful to work with an expert for this step. Budget-busting solutions often exceed the needs of most smaller businesses, but untrained personnel often struggle to identify which controls do not apply, or how to compensate for them.

Step three: Determine which of your current resources can be leveraged for one or more of the controls indicated by your risk assessment. Identify any gaps that will require new resources, including servers, routers, communication equipment, physical security, and full-time employees.

Step four: Create a project plan with budget and timeline/milestones. Be careful with how long you take to get compliant, as your risks don’t drop until you are compliant. For many smaller businesses, this process will take 3-6 months, usually requiring significant consultation from experts as well as costly technology, including firewall(s), access control systems, vulnerability scanning services or tools, and more.

Step five: Gather your resources and build or rebuild your network. It is likely you will need at least one full-time employee to manage your network for PCI DSS compliance.

Step six: Test and verify that your controls reduce the risks you identified as expected. Controls do not always work as intended, since technology changes rapidly, so the method you chose a few months ago may have been circumvented in the intervening time.

Step seven: Go live with your solution and hope it works as designed. It might not, but you will tweak it until it does.

Step eight: Have your system audited by a Qualified Security Assessor listed on the PCI Security Council website. You won’t really know how well you have done until you are audited (that is, unless you have a breach, in which case you did poorly).

Step nine: Revise your controls or infrastructure based on the audit findings.

Once all nine steps are completed, constant vigilance, testing and reworking are required on a regular basis.

The human resources and funding required to complete all of the above are, unfortunately, out of reach for many younger companies.

For this reason, many small-and-medium-sized organizations opt to work with a trusted third-party data security partner to manage all their PCI compliance needs.

The easiest and fastest path to PCI compliance

Rather than have a cross-functional team undertake the arduous process of gaining PCI DSS compliance the DIY route, the fastest and simplest way to become compliant is to make sure payment card data never touches your business’ servers.

But how can you possibly transact payment cards and run an online business without ever touching cardholder data?

The solution is an innovative approach called data aliasing, during which sensitive user data – like cardholder information – is redacted in real time and replaced with a synthetic data alias so that none of the original data ever passes through your system.

Data aliasing is the foundation of Very Good Security’s Zero Data solutions, which enable businesses to collect, store and transmit any sensitive data they want without ever coming into possession of it.

This effectively removes most of your business systems from PCI DSS compliance scope, so your burden is drastically reduced – and your risk of data breaches plummets to almost zero.

Very Good Security offers nearly instant compliance for smaller merchants and service providers upon integration. For organizations that are PCI Level 1, either because of transaction volume or because their bank or partners require it, compliance can be achieved in as few as 21 days.

By taking the DIY path, the same result can take several months – after you’ve already poured a substantial amount of human and financial capital into securing your databases and processes.

Very Good Security is a completely scalable solution that grows with your business, and can take your PCI burden off your plate almost entirely.

Interested in descoping your company’s networks from PCI requirements and achieving compliance the simple way? Try a demo of VGS by clicking here.

This article was originally posted on Very Good Security.


The post PCI DSS and What It Means for You appeared first on PrimaFelicitas.



Kraken Daily Market Report for September 20 2020




  • Total trading at $125.5 million. Trading volume up slightly from the Sunday average as Ethereum and other coins had losses of a few percentage points.
  • A little after 21:00 UTC, there was a system maintenance for a few minutes.
  • The only coin that had a positive day was Augur +4.0%. Otherwise, even the stable coins had minor losses. Kusama, Curve DAO, Balancer, and StorJ – four of the newer coins to the platform – had 5-10% losses.

September 20, 2020 
 $125.5M traded across all markets today


Trading Volume by Asset

The figures below break down the trading volume of the largest, mid-size, and smallest assets. Cryptos are in purple, fiats are in blue. For each asset, the chart contains the daily trading volume in USD, and the percentage of the total trading volume. The percentages for fiats and cryptos are treated separately, so that they both add up to 100%.

Figure 1: Largest trading assets: trading volume (measured in USD) and its percentage of the total trading volume (September 20 2020)

Figure 2: Mid-size trading assets: (measured in USD) (September 20 2020)

Figure 3: Smallest trading assets: (measured in USD) (September 20 2020)


Spread %

Spread percentage is the width of the bid/ask spread divided by the bid/ask midpoint. The values are generated by taking the median spread percentage over each minute, then the average of the medians over the day.

Figure 4: Average spread % by pair (September 20 2020)



Returns and Volume

Figure 5: Returns of the four highest volume pairs (September 20 2020)

Figure 6: Volume of the major currencies and an average line that fits the data to a sinusoidal curve to show the daily volume highs and lows (September 20 2020)


Daily Returns %

Figure 7: Returns over USD and XBT. Relative volume and return size is indicated by the size of the font. (September 20 2020)

Disclaimer

The values generated in this report are from public market data distributed from the Kraken WebSockets API. The total volumes and returns are calculated over the reporting day using UTC time.




Bitcoin Price Analysis: BTC Facing The Ultimate Make Or Break Level Of $11,000




  • Bitcoin price is pivotal between the 50-day SMA and $11,000, suggesting possibilities of consolidation taking over.
  • The impact of an ascending wedge is kept at bay by the 50-day support; a breakdown back to $10,000 is still in the picture.

Bitcoin has spent the last three weeks trying to recover from the dip at the beginning of September. There was a break above $11,000 last week, but BTC hit a wall at $11,200, allowing bears to take back control. Since then, support has been established above $10,700. Unfortunately, resistance at $11,000 has stayed put.



Meanwhile, the flagship cryptocurrency is trading at $10,960 amid attempts to overcome the resistance at $11,000. BTC/USD is also trading at the tip of an ascending wedge pattern. If the hurdle at $11,000 is pushed into the rearview, there is a likelihood of Bitcoin soaring towards $12,000. However, if the rising wedge’s impact comes into play, BTC could embark on a gains-trimming exercise towards the support at $10,000.


BTC/USD daily chart

BTC/USD price chart by Tradingview

The 50-day Simple Moving Average (SMA) is in line to offer initial support at $10,850. As long as Bitcoin holds above this level, the potential for gains above $11,000 will remain high in this week’s trading.

The Relative Strength Index (RSI) hints that the largest cryptocurrency is ready for consolidation by leveling marginally above 50. Moreover, the low trading volume means that BTC is less volatile at the moment. The reckoning level remains at $11,000, where Bitcoin can either kick start the journey to $12,000 or embark on a reversal to $10,000. Either way, it is essential to wait for a confirmed breakout before going all-in on BTC/USD.



Bitcoin Intraday Key Levels

Spot rate: $10,655

Relative change: 41

Percentage change: 0.39%

Trend: In consolidation (short term)

Volatility: Low


Author: John Isige

John is a talented writer with over two years of experience actively contributing to the cryptocurrency industry by providing credible, interesting and easy-to-read content. His main focus is on cryptocurrency price analysis and industry news coverage. Follow him on Twitter at @jjisige




What Are The Top 5 Cryptocurrencies?



The cryptocurrency market has remained quite volatile since Bitcoin was introduced to the world. Over the years, the top 5 cryptocurrencies by market capitalization have changed frequently except for the top two positions held by Bitcoin and Ethereum. Until recently, XRP occupied the third spot but has since left it to Tether, a stablecoin.

According to CoinMarketCap, Bitcoin, Ethereum, Tether, XRP, and Bitcoin Cash currently take up the top five spots by market capitalization.


The domain name was registered in August 2008. Later, on October 31, 2008, the paper “Bitcoin: A Peer-to-Peer Electronic Cash System” was published. It was authored by Satoshi Nakamoto, the inventor of Bitcoin (BTC). To this day, nobody knows who this person or group of people is.

Notably, the paper highlighted a method of using a P2P network for electronic transactions without “relying on trust”. The bitcoin network came into existence on January 3, 2009, and Nakamoto mined block number “0” (or the “genesis block”). This block had a reward of 50 bitcoins.


Since then, the flagship cryptocurrency has dominated the entire crypto space, in most cases dictating the direction the market takes at any given time. It occupies the top of the list based on market capitalization, currently trading around $11,000 with a market cap of $204.7 billion.


Vitalik Buterin launched Ethereum on July 30, 2015. The researcher and programmer was working on Bitcoin Magazine at the time. He had first described Ethereum in a white paper in 2013. Buterin had said that bitcoin required a scripting language. When he failed to sell his idea to the bitcoin community, he settled on developing a new platform with a general scripting language.


Ethereum’s development was funded by an online crowdsale that was conducted between July and August 2014. This system went live with 11.9 million coins already mined for the crowd sale. This represents around 13% of the total supply in circulation.

After the collapse of The DAO project in 2016, Ethereum split into two blockchains. The new version is known as Ethereum, while the original blockchain is called Ethereum Classic. With many use cases for Ethereum coming up every day, the crypto has continued to thrive, currently holding the second spot with a market capitalization of $43.42 billion.


Tether was issued on the Bitcoin. It converts cash into digital currency to anchor or ‘tether’ the value of the coin to the price of national currencies. The value is meant to mirror that of the US dollar and every unit of Tether is backed by $1 held in reserve.


This stablecoin is used to facilitate trading between cryptos at a rate that is fixed to the US dollar, enabling traders to benefit from various trading opportunities. Tether’s current market capitalization is $15.22 billion. The crypto occupies the third position in the market capitalization list.


By description, Ripple is a real-time gross settlement system (RTGS). It was created by the Ripple Company and it is also referred to as the Ripple Protocol or Ripple Transaction Protocol (RTXP). This technology can trace its origin to 2004 when Ryan Fugger, a web developer, came up with an idea to develop a decentralized monetary system. This system was meant to enable individuals to create their own money.

In 2005, was launched to offer a secure payment channel for an online community through a global network. Jed McCaleb started creating a digital currency system in 2011 in which transactions were validated by consensus among the members of the network. That was a different method from the mining process used by bitcoin that relies entirely on blockchain ledgers.


The new version of the Ripple system was designed to get rid of bitcoin’s centralized exchanges, use less energy than bitcoin, and perform transactions quicker. Ripple was successfully launched in 2012 to support secure, instant global transactions supporting tokens representing fiat currency, crypto, or any unit of value.

Since then, Ripple’s XRP has remained in the list of the top 5 cryptocurrencies, currently perched on the fourth spot with a market capitalization of $11.3 billion.

Bitcoin Cash

Bitcoin Cash (BCH) occupies the last spot in the current list of top 5 cryptocurrencies. The crypto was born out of the idea of making Bitcoin more practical for small, daily payments.


In May 2017, bitcoin payments took almost four days unless a fee was paid. These costs were proportionately too large for the small transactions. A change to this code was implemented and BCH was unveiled on August 1, 2017. For now, BCH takes the fifth spot with a market capitalization of $4.32 billion.

The top 5 cryptocurrencies keep changing depending on which coin gains more than the rest. But Bitcoin and Ethereum remain at the top even as the lower cryptos exchange positions.

