Card Brands Compliance Links:
- Visa USA Merchant
- Visa USA Service Providers
- Visa Canada Merchants
- Visa Canada Service Providers
- Visa Europe Merchants
- Visa Europe Service Providers
- MasterCard Merchants
- MasterCard Service Providers
- American Express Merchants
- American Express Service Providers
- Discover Network Merchants
- Discover Network Service Providers
- JCB (Merchants and Payment Processors)
Card Brands Service Provider List:
- Visa Global (searchable directory)
- MasterCard (PDF)
- Visa Europe Merchant Agent List
- American Express Service Provider List (PDF)
Other Visa Documents:
- Visa International Operating Regulations (PDF).
- Visa Acquirer Risk Program Standards Guide.
- Cardholder Information Security Program 5.5 (ancestor to the PCI DSS).
PCI SSC Documents List:
- PCI Security Standards Council (2010). Documents Library. (This is where you should go first to see if there are updated versions of the documents.)
- 2013 Community Meetings Assessor Slides (document only available to assessors, but with mostly the same information as those in the RSA conference presentation).
- Payment Card Industry Data Security Standard - Requirements and Security Assessment Procedures - Version 2.0.
- Summary of Changes from PCI DSS Version 2.0 to 3.0.
- Answers to Frequently Asked Questions (FAQ)
- FAQ 1154. Is pre-authorization account data in scope for PCI DSS?
- FAQ 1280. Can card verification codes/values be stored for recurring transactions?
- FAQ 1252. Do all PCI DSS requirements apply to every system component?
- FAQ 1088. What is meant by "adequate network segmentation" in the PCI DSS?
- FAQ 1135. Can VLANs be used for network segmentation?
- FAQ 1146. What is the difference between masking and truncation?
- FAQ 1090. What are acceptable formats for masking of primary account numbers (PAN)?
- FAQ 1086. Is encrypted cardholder data in scope for PCI DSS?
Other Referenced Documents:
- IETF Request for Comments (RFCs)
- Open PCI Scoping Toolkit - IT Revolution.
- Privacy Rights Clearinghouse (2015). A database of security breaches from 2005 to the present.
- ZDNet (2015). Anatomy of the Target data breach: Missed opportunities and lessons learned.
- Fortinet (2014). Incident Summary - Target Corp Data Breach - What we, the Industry, know (or think we know).
- Brian Krebs - Krebs on Security.
- Government of Canada Publications (2011). Social Insurance Numbers: regulating their use (BP-206E).
- SANS Institute
- Verizon Enterprise Solutions (2015).
- Open Web Application Security Project (2006).
- IIA (2013). The Three Lines of Defense in Effective Risk Management and Control.
- PCI Guru (Blog)
- Microsoft SDL Threat Modeling Tool.
- Qualys - Top 10 External and Internal Vulnerabilities.
- Workshop on the Economics of Information Security.
- Web Articles
- Forbes (2013). The 10 Biggest Frauds In Recent U.S. History.
- Forbes (2015). The World's Most Valuable Brands List.
- WSJ Digits Blogs (2014). As the Mac Turns 30, Apple Ponders 'Post-PC' Era - Digits.
- Mashable (2015). Apple iPhone snags 92% of smartphone profits.
- PYMNTS.com (2014). Michael Porter's Five Forces And Payments Innovation.
- Weatherford, Jack (1997). The History of Money.
- Magretta, Joan (2012). Understanding Michael Porter: The Essential Guide to Competition and Strategy. Harvard Business Press.
- Bock, Laszlo (2014). Work Rules!: Insights from Inside Google That Will Transform How You Live and Lead.