Posts by: Alan Gouveia

What Is a PCI Audit?

Written by

What is a PCI Audit? A PCI audit examines the security of your organization’s credit-card processing system from beginning to end.  During this process, a Qualified Security Assessor (QSA) or your own Internal Security Assessor will determine the effectiveness of your organization’s information security controls. To pass the test, your payment network must meet as many as 281 criteria spelled out in the Payment Card Industry Data Security Standard, or PCI DSS, with which all merchants and their service providers must comply. To demonstrate PCI compliance, your organization must do one of two things:     Have an on-site audit by a Qualified Security Assessor (QSA) or Internal Security Assessor, or     Fill out a PCI DSS self-assessment questionnaire,…

Tags: , ,
Categorized in:

How To Minimize The Scope of Your PCI DSS Audit

Written by

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and its 281 directives can be a time-consuming hassle. Fortunately, there are ways to minimize your PCI DSS scope, saving time and resources for your organization and auditor, and ratcheting down your stress levels. Larger organizations—those processing more than 1 million credit-card transactions annually—may need two years to reach initial PCI DSS compliance. Then, to stay compliant, they often must expend ample resources monitoring their systems and security and keeping it all up to date. For those who fail, the penalties can be crippling. Even smaller merchants and internet service providers (ISP) may require a year’s work to reach PCI compliance. That’s because this data security framework, mandatory for…

Tags: , ,
Categorized in: