Loyalty Card Systems

Support • Security

Security Community & Compliance

Curated links and notes on email deliverability, PCI DSS, GDPR, and modern network security models.

Email Deliverability

DMARC, Phishing Protection, and Deliverability

There’s increased focus on DMARC compliance and protection against brand phishing. Deliverability issues can stem from blacklisting, missing SPF/DKIM/DMARC, or configuration drift.

  • Why now: Governments and large providers increasingly require DMARC alignment and enforcement.
  • Business impact: Email remains mission-critical; hard bounces and spoofing erode trust and conversions.
Quick Wins
  • Publish valid SPF and DKIM; align DMARC to your From domain.
  • Start with p=none to gather reports, then move toward quarantine/reject.
  • Audit sending services (marketing, app, support) so DNS includes all legitimate senders.

Tip: NetGCS transactional emails should pass SPF/DKIM and align DMARC. If you’re using a relay (e.g., SendGrid), add their include records and DKIM keys to your DNS.

PCI Compliance Resources

PCI DSS • PA-DSS • P2PE • 3DS

PCI Professional (PCIP)

Foundational credential for practitioners with working knowledge of PCI SSC standards.

PCI Forensic Investigators (PFIs)

Qualified to determine if/when cardholder data compromise has occurred.

3DS Assessors

Assess against the PCI 3DS Core Security Standard (ACS, DS, 3DS Server).

Internal Security Assessor (ISA)

Sponsor companies qualified by the Council for internal PCI efforts.

PA-QSA Companies

Qualified to perform PA-DSS assessments and produce ROVs.

P2PE Solutions

Merchant/acquirer resource for PCI-listed P2PE solutions.

PA-DSS Validation & ROV

PA-QSA evaluation and documentation; SSC QA review does not retest products.

GDPR

General Data Protection Regulation

Approved April 14, 2016; enforced May 25, 2018. Non-compliance may result in significant penalties.

Learn more
Architecture

Zero Trust Networks

Treat the entire network as hostile; require strong authN/authZ and encryption, with least-privilege, compartmentalized access. Useful for reducing lateral movement after a breach behind traditional perimeters.

Suggested reading: industry texts and vendor-neutral guides on implementing Zero Trust with identity-centric controls and micro-segmentation.

© 2006–2025 PCI Security Standards Council & respective owners. All rights reserved.