Compliance & Regulatory Audits
What is PCI Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is the information security standard for organizations that handle branded credit cards for the major card brands such as Discover, MasterCard, and Visa.
PCI DSS is designed to protect merchants and their customers against card theft and fraud. The standard defines requirements for protecting consumers' payment and card data while it is stored, in transit, or being processed.
Organizations that do not comply with these standards may face significant fines, loss of customer trust, and loss of the ability to process card transactions at all.
If you are looking to get started with PCI Compliance, you have come to the right place. In fact, here is a video presentation on “How to Prepare for PCI Compliance”.
How to Prepare for PCI Compliance?
The first step to PCI Compliance is to determine which of the four Merchant Levels your company falls into. Typically, this depends on the volume of credit card transactions during a 12-month period or on the level of security that your customers require.
Once you have determined your level, you can identify whether you can complete a self-assessment or whether an onsite audit is required. The PCI Council has nine different Self-Assessment Questionnaires (SAQs). You will also need to determine whether it is necessary to hire a PCI Council-approved auditor to verify that each PCI DSS security requirement has been met.
Roadmap to Compliance
Here is the quick overview of what the road to compliance looks like.
- Annual Scoping Engagement – Knowing what is in scope.
- Gap Assessment
- PCI DSS Validation and ROC – Validating annually that the required security controls are in place, which can include forms, questionnaires, external vulnerability scanning services, and third-party audits
Within your journey to PCI Compliance, you may be required to complete a Security Assessment that is made up of two types of scans:
- Internal Scan – performed from inside your network to search for potential vulnerabilities
- External Scan – performed from an outsider's point of view, scanning for potential vulnerabilities
We understand the process can be confusing. We can help you navigate through each of these phases. Let’s connect.