Welcome To PCI Guru

PCI Guru is a blog operated by a somewhat well known Payment Card Industry (PCI) Qualified Security Assessor (QSA). The purpose of this blog is to provide commentary on topics related to PCI compliance and comments on common questions regarding the various PCI standards. If you want questions answered, I recommend that you go to the Society of Payment Security Professionals (SPSP) Forum (http://forum.paymentsecuritypros.com/index.php). There you can find all sorts of advice from a variety of professionals. If you would like to get a hold of the PCI Guru, the PCI Guru can be contacted through GMail at the PCIGuru account.


2 Responses to “Welcome To PCI Guru”

  1. 1 Raul Ramos
    July 27, 2015 at 3:52 PM

    SAQ A and SAQ A-EP clarification – Jan 7/2015 post

    Dear PCI Guru,

    In your post, you provided a table from Visa Europe, i.e. SAQ A if uses redirect or iFrame. Our SAQ A/A-EP process are all fully outsourced and is using redirect and iFrame.

    Do you know if this policy has been implemented in North America?


    • July 28, 2015 at 4:20 AM

      Not only is that chart used worldwide by Visa, it is the basis for the Council’s interpretation for SAQ A/A-EP.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


If you are posting a comment, be patient, as the comments will not be published until they are approved.

If your organization has a PCI opportunity, is in need of assistance with a PCI issue or if you would like the PCI Guru to speak at your meeting, you can contact the PCI Guru at pciguru AT gmail DOT com.

I do allow vendors to post potential solutions in response to issues that I bring up in posts. However, the PCI Guru does not endorse any specific products, so "Caveat Emptor" - let the buyer beware. Also, if I feel that the response is too "sales-ee", I reserve the right to edit or not even authorize the response.


February 2009
    Mar »

Enter your email address to subscribe to the PCI Guru blog and receive notifications of new posts by email.

Join 1,941 other followers


%d bloggers like this: