Scope and Cardholder Data
Jun 16, 2024
Introduction
Presenter: PE, Practice Leader at Shelman
Topic: Understanding scope even if not handling cardholder data directly
Common Scenarios
E-commerce Platforms
Implementing iframe or redirect:
Not handling cardholder data directly
Not transmitting, storing, or processing data
Scope: Payment scripts need protections found in SAQ-A
Steps to determine scope:
Identify scripts
Understand their function
Determine integrity controls
Software Development
Developing software for other organizations:
Not directly handling cardholder data
Writing software that interacts with environments handling cardholder data
Compliance: Show updates to help client's compliance
Managed Security Service Providers
Functions: Vulnerability scanning, patching
Authenticate to environments with cardholder data
Do not need full PCI DSS compliance assessment
Impact: Understand how they affect cardholder data security
Key Takeaway
Even if not handling cardholder data, understanding impact on its security is crucial for PCI DSS scope
Scope is nuanced; not one-size-fits-all
Conclusion
Encouragement to reach out for help with understanding scope
Contact
Shelman: Available to answer questions and assist