The most important and most read PCI DSS and business security posts.

Because of its complexity, technicality, and ever-changing nature, there is never a shortage of questions about data security, PCI DSS compliance, and network security. That is why we started this blog: to answer the most commonly asked questions about data security, and to offer educational assistance on getting your business secure and compliant.

The following is a compilation of the most important and most read data security content on the SecurityMetrics blog.

10. 5 Commonly Overlooked Security Errors

Starting in tenth place, this article explains the common mistakes security auditors (Qualified Security Assessors, or QSAs) find when they go onsite to audit a company's security practices. There may even be a practice or two in this post that you are overlooking.
  • Learn how not understanding your scope can seriously affect your security.
  • Why companies make the mistake of thinking policies are just annoying paperwork.
  • Don’t assume log monitoring is just for forensic investigators.

9. 7 Ways to Recognize a Phishing Email

Phishers are getting so good these days that even security professionals have a hard time discerning between real and fake emails. This article provides a great list (and examples!) of the most effective ways to recognize and avoid phishing emails in your personal and business email security strategy.
  • Learn the subtle hints of phishing emails.
  • Understand that a link's visible text can name one URL while its actual destination is another.
  • Why the sender's domain matters when deciding whether an email is a phish.
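Two of the tells listed above can be checked mechanically: an anchor whose visible text names one site while its href points somewhere else, and a Reply-To that lands in a different domain than the From address. The script below is an added example, not code from the SecurityMetrics post; the message it parses is constructed for the example and the `.example` domains are placeholders.

```python
"""Flag two classic phishing tells in an email: anchors whose visible text
names one site while the href goes to another, and a Reply-To whose domain
differs from the From address.

Added example, not from the SecurityMetrics post. The message below is
constructed for the example; the .example domains are placeholders.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_domain):
    """Lower-cased host of a URL or bare domain, with a leading 'www.' dropped."""
    text = url_or_domain.strip()
    if "://" not in text:
        text = "http://" + text      # lets urlparse handle bare 'www.site.example/path'
    host = (urlparse(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def find_deceptive_links(html_body):
    """Return (shown_text, real_href) for anchors whose text names another host.

    Anchor text that is not a URL or domain ("click here") is skipped: there is
    nothing to compare it against.
    """
    collector = _LinkCollector()
    collector.feed(html_body)
    deceptive = []
    for href, text in collector.links:
        shown = host_of(text)
        if "." not in shown:
            continue
        actual = host_of(href)
        if actual != shown and not actual.endswith("." + shown):
            deceptive.append((text, href))
    return deceptive


def _domain(header_value):
    """Domain part of the first address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def analyze_email(raw_message):
    """Parse a raw RFC 5322 message and report the phishing indicators found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html_body = body.get_content() if body is not None else ""
    from_domain = _domain(msg.get("From"))
    reply_to_domain = _domain(msg.get("Reply-To"))
    return {
        "from_domain": from_domain,
        "reply_to_domain": reply_to_domain,
        "reply_to_mismatch": bool(reply_to_domain) and reply_to_domain != from_domain,
        "deceptive_links": find_deceptive_links(html_body),
    }


# Constructed sample message (not a real phish); domains are placeholders.
SAMPLE_MESSAGE = """\
From: "Acme Bank Security" <alerts@acme-bank-verify.example>
Reply-To: collect@mailbox.example
To: customer@example.org
Subject: Action required: confirm your account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please sign in at
<a href="http://acme-bank.login-check.example/verify">https://www.acmebank.example/login</a>
within 24 hours or your card will be suspended.</p>
<p>Help: <a href="https://www.acmebank.example/help">www.acmebank.example/help</a></p>
</body></html>
"""

if __name__ == "__main__":
    for key, value in analyze_email(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

On the sample, only the first anchor is flagged: its text claims `www.acmebank.example` but the href goes to `acme-bank.login-check.example`. The second anchor's text and href agree and is left alone, and the Reply-To domain differs from the From domain, which is the other indicator the post describes.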

8. Infographic: 61% of Businesses Don’t Protect Customer Cards

Since 2011, SecurityMetrics has examined data from thousands of scans conducted on business networks. The scans searched for unencrypted payment card data using PANscan, a credit card data discovery tool. This post examines the 2014 scan results.
  • Understand the most common places credit card data hides.
  • Learn how easily payment card data leaks.
  • Why EMV won't stop this trend, even after the October 1, 2015 liability-shift deadline.
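Card data discovery works by pulling digit runs out of files, keeping the ones that pass the Luhn check, and reporting them masked. The script below is an added example of that approach; it is not PANscan and not code from the SecurityMetrics post. The log excerpt is constructed, and the two numbers it finds are the public Visa and Mastercard test numbers, not real accounts.

```python
"""Find unencrypted primary account numbers (PANs) in text the way a card data
discovery tool does: digit-run candidates, Luhn check, then a masked report.

Added example, not PANscan itself and not from the SecurityMetrics post. The
log excerpt is constructed; the card numbers in it are the public Visa and
Mastercard test numbers, not real accounts.
"""
import re

# 13-19 digits, each optionally followed by one space or dash, and not part
# of a longer digit run (so a 20-digit session id is not carved up).
_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """First six and last four, the most PCI DSS allows to be displayed."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text):
    """Return (line_number, masked_pan) for each Luhn-valid PAN candidate."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in _CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            # Luhn rejects most timestamps and order ids; the set() check drops
            # runs like 0000000000000000, which are Luhn-valid but not cards.
            if luhn_ok(digits) and len(set(digits)) > 1:
                hits.append((line_no, mask(digits)))
    return hits


# Constructed application log; not real customer data.
SAMPLE_LOG = """\
2015-03-02 10:14:07 order=98213377 cust=jdoe card=4111 1111 1111 1111 exp=09/17 amt=42.10
2015-03-02 10:14:09 order=98213378 cust=msmith card=1234-5678-9012-3456 amt=9.99
2015-03-02 10:14:11 session=55519832741120094 ref=4111********1111 phone=801-555-0143
2015-03-02 10:14:15 order=98213379 cust=alee card=5555555555554444 amt=120.00
"""

if __name__ == "__main__":
    for line_no, masked in find_pans(SAMPLE_LOG):
        print(f"line {line_no}: {masked}")
```

Lines 1 and 4 are reported; line 2 is a 16-digit string that fails Luhn, and line 3 holds a 17-digit session id (fails Luhn), a PAN that is already masked, and a phone number, none of which should be flagged. Real tools add more file types and encodings, but this is the core filter.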

7. Visa PCI Enforcement Rules in 2015

Each card brand has different initiatives to help merchants understand the importance of securing customer card data. Visa's PCI Validation Enforcement Plan places a risk-based focus on noncompliant merchants and third parties that may introduce increased risk into the already-fragile payments system.
  • Learn the penalties for noncompliance after January 1, 2015.
  • What Visa actually meant by noncompliance assessments and risk reduction measures.
  • What the new enforcement plan actually means for noncompliant merchants.

6. Which PCI DSS SAQ Is Right For Me?

The way you process customer credit cards determines which Self-Assessment Questionnaire (SAQ) you are required to fill out to maintain PCI DSS compliance. Now that the PCI standard has changed (versions 3.0 and 3.1), merchants are having a hard time identifying which SAQ is right for their particular business.
  • Determine which SAQ is appropriate for you.
  • See the full list of PCI SAQs, updated to reflect the PCI DSS 3.0 changes.
  • Learn why accurately filling out an SAQ is a PCI requirement.


5. PCI DSS Myths

When small to medium merchants call SecurityMetrics to get help with their data security, these are the questions we hear and answer most often.
  • Learn the difference between compliance and validation.
  • Answer the question: who is required to be PCI compliant?
  • Understand why PCI DSS is not a federal law.

4. Shellshock: Be Wary But Don’t Panic

A handful of big vulnerabilities were publicly disclosed in 2014, and Shellshock was among the biggest. Many people panicked without fully understanding the situation. We wrote this post to explain what the bug actually is and what you can do to secure your systems.
  • Why bugs like Shellshock exist.
  • Who is affected by Shellshock?
  • How do you fix this vulnerability?
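Whether a given host is still affected can be answered in seconds. The script below is an added example, not code from the SecurityMetrics post: it runs the original public Shellshock test string through a throw-away bash process. Pre-patch bash imported any environment variable whose value began with `() {` as a function definition and kept parsing past the closing brace, so the trailing command ran; a patched bash ignores it and prints only the probe line. It assumes a Unix-like host with bash on the PATH and reports `None` if there is none.

```python
"""Test whether the bash on this host still executes code smuggled into an
exported environment variable (the Shellshock bug).

Added example, not from the SecurityMetrics post. It runs the original
public Shellshock test string through a throw-away bash process; a patched
bash ignores the trailing command and prints only the probe line.
"""
import os
import shutil
import subprocess

# Pre-patch bash imported any env var whose value began with "() {" as a
# function definition and kept parsing, so the text after the closing brace
# ran as a command. The marker below is printed only if that still happens.
MARKER = "SHELLSHOCK_MARKER"


def bash_is_vulnerable(bash="bash"):
    """Return True if bash ran the smuggled command, False if not, None if no bash."""
    path = shutil.which(bash)
    if path is None:
        return None
    env = {
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        # The classic test string: a function body followed by a command.
        "x": "() { :;}; echo " + MARKER,
    }
    proc = subprocess.run(
        [path, "-c", "echo probe"],
        env=env, capture_output=True, text=True, timeout=10,
    )
    return MARKER in proc.stdout


if __name__ == "__main__":
    result = bash_is_vulnerable()
    if result is None:
        print("bash not found; nothing to test")
    elif result:
        print("VULNERABLE: update bash from your distribution now")
    else:
        print("patched: the smuggled command was ignored")
```

The fix is the vendor's updated bash package; rerun the check after updating, and remember that anything that passes attacker-controlled input into environment variables (CGI scripts, DHCP clients, some SSH forced-command setups) is the exposure, not just interactive shells.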


3. PCI 3.1: Stop Using SSL and Outdated TLS Immediately

Just months after merchants got comfortable with PCI DSS 3.0's changes, there is something new to understand. In the PCI Council's newest version of the standard (PCI DSS 3.1), SSL and early TLS have been removed as examples of strong cryptography. This blog post explains exactly what PCI 3.1's changes mean, and what you should know to comply accurately.
  • How will PCI 3.1 affect you?
  • How to tell if you’re using SSL or outdated TLS protocols.
  • Advice for complying with this new version of PCI DSS.
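The question "am I using SSL or outdated TLS?" is answered by asking each endpoint which protocol versions it will still negotiate. The script below is an added example, not code from the SecurityMetrics post: it offers exactly one protocol version per connection and records whether the server accepts it, and it shows the client-side fix (a context that refuses anything below TLS 1.2). It assumes Python 3.7+; whether the local OpenSSL build can still offer SSLv3 or TLS 1.0 at all varies, and the probe reports that case separately from a server answer rather than mistaking it for a refusal.

```python
"""Check which protocol versions a TLS endpoint accepts, and build a client
that refuses the ones PCI DSS 3.1 no longer counts as strong cryptography.

Added example, not from the SecurityMetrics post. Assumes Python 3.7+;
whether the local OpenSSL can still *offer* SSLv3 or TLS 1.0 depends on the
build, and the probe reports that case separately from a server answer.
"""
import socket
import ssl


def classify(protocol_name):
    """Map the name ssl.SSLSocket.version() returns to a verdict.

    PCI DSS 3.1: SSL (any version) and early TLS (1.0) are not strong
    cryptography. TLS 1.1 is not banned by 3.1 but is weak; 1.2+ is the target.
    """
    if protocol_name in ("SSLv2", "SSLv3", "TLSv1"):
        return "fail"
    if protocol_name == "TLSv1.1":
        return "warn"
    if protocol_name in ("TLSv1.2", "TLSv1.3"):
        return "ok"
    raise ValueError(f"unexpected protocol name {protocol_name!r}")


def hardened_client_context():
    """Client-side fix: certificate verification on, nothing below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_version(host, port, version, timeout=5.0):
    """Offer exactly one protocol version to host:port.

    Returns (True, negotiated_name) if the server accepted it,
    (False, reason) if the handshake was refused, or (None, detail) when the
    test could not run (local OpenSSL cannot offer that version, or a
    network error).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # testing version support, not the certificate
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError as exc:
        return (None, f"local OpenSSL cannot offer {version.name}: {exc}")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return (True, tls.version())
    except ssl.SSLError as exc:
        return (False, exc.reason or str(exc))
    except OSError as exc:
        return (None, str(exc))


def audit(host, port=443):
    """Probe each version; return {name: (accepted, detail, verdict)}."""
    report = {}
    for version, name in ((ssl.TLSVersion.SSLv3, "SSLv3"),
                          (ssl.TLSVersion.TLSv1, "TLSv1"),
                          (ssl.TLSVersion.TLSv1_1, "TLSv1.1"),
                          (ssl.TLSVersion.TLSv1_2, "TLSv1.2")):
        accepted, detail = probe_version(host, port, version)
        # A verdict only makes sense for versions the server actually accepted.
        verdict = classify(name) if accepted else "n/a"
        report[name] = (accepted, detail, verdict)
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for name, (accepted, detail, verdict) in audit(target).items():
        print(f"{name:8} accepted={accepted!s:5} verdict={verdict:4} {detail}")
```

Any `fail` row means the server still negotiates SSL or TLS 1.0 and needs its configuration changed; a TLS 1.2 row that is not accepted is a separate problem, because clients like `hardened_client_context()` will then be unable to connect at all. Probe from a host whose OpenSSL still speaks the legacy versions, otherwise every legacy row comes back as `None`.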

2. Crucial Security Advisory: Patch Windows Immediately Against WinShock

Nearly every Microsoft Windows system was affected by the WinShock vulnerability, publicly disclosed in November 2014. With over 1 billion Windows PCs in the world, the vulnerability came as a shock. This post explains the who, what, when, where, and why.
  • Exactly which systems are affected?
  • How does the vulnerability work?
  • What you can do to protect against this vulnerability in your Windows systems.

1. The Ultimate Guide to PCI DSS 3.0

Each of our PCI 3.0 blog posts was in the top 10, so we combined them into our #1 most read blog post: our ultimate guide to PCI DSS 3.0. PCI DSS 3.0 brought big changes (and confusion) for merchants. This compilation post includes each of SecurityMetrics' best PCI DSS 3.0 blog posts.
  • An ebook explaining the ecommerce merchant’s guide to PCI DSS 3.0.
  • Webinars explaining key PCI 3.0 requirements.
  • FAQ about PCI DSS 3.0.