Safeguard
Tag

payment-security

Safeguard articles tagged "payment-security" — guides, analysis, and best practices for software supply chain and application security.

6 articles

AI Security

Agentic Procurement: Letting AI Agents Buy Software Safely

Agents can now evaluate, trial, and pay for software without a human in the loop. The controls that make that safe: spend caps, allowlists, verifiable merchants, and audit trails.

Apr 4, 20266 min read
Regulatory Compliance

PCI DSS 4.0 Supply Chain Requirements in 2026

The PCI DSS 4.0 future-dated requirements became mandatory on March 31, 2025. The supply chain expectations are the ones most QSAs are now testing in detail.

Feb 19, 20265 min read
Regulatory Compliance

PCI DSS software composition analysis requirements for pa...

What PCI DSS 4.0.1 actually requires for tracking third-party and open-source code in payment software, and how SBOMs and SCA tooling satisfy it.

Jan 5, 20267 min read
Regulatory Compliance

PCI DSS Meets SBOM Requirements

PCI DSS v4.0.1 doesn't say the word SBOM, but its software inventory and vulnerability management requirements make one effectively mandatory. Here's how to build an SBOM program that passes a QSA review.

Sep 14, 20246 min read
Best Practices

Retail POS Supply Chain Security

Practical controls and standards shaping point-of-sale software supply chains, from PCI DSS 4.0 to PA-DSS successors and retailer-specific frameworks.

Jun 30, 20247 min read
Compliance

PCI DSS 4.0 Software Supply Chain Requirements Explained

PCI DSS 4.0 quietly turned component inventories, third-party code review, and payment page script control into audit line items. Here's the requirement-by-requirement map.

May 23, 20246 min read
payment-security — Safeguard Blog