Tag Archive: PCI DSS

How Much Does It Cost to Become PCI Compliant?

Written by
Published 12/26/2019

How much does it cost to become compliant with the Payment Card Industry Data Security Standard (PCI DSS)? It is challenging to put a number or an actual figure of becoming PCI compliant. The reason exact dollar amounts become a problem to predict is it depends on the size of the organization, whether they are eligible for the PCI Self Assessment Questionnaire (PCI SAQ), and the way they handle and store customer information.  The good news is that an organization can look at the typical requirements around becoming PCI compliant and reverse engineer what costs might look like. PCI uses merchant levels to determine risk and ascertain the appropriate level of security for their businesses. Specifically, merchant levels determine the…

Tags: , ,
Categorized in:

How to Map PCI DSS to the NIST Cybersecurity Framework

Written by
Published 12/03/2019

Organizations face an increasing number of compliance metrics. Risk management is of paramount importance and is feeding the need for governance. Terms like PCI DSS and NIST CSF are two frameworks that help enhance data security and manage risk.  Often, it is the confusion on where businesses need to start that prevents them from taking action at all. It is important first to understand what PCI and NIST do, how they are related to each other, and how they are different to prevent analysis paralysis. What Is PCI DSS? The Payment Card Industry Data Security Standards (PCI DSS) were created to standardize the way all organizations that accept, process, transmit, and store credit card information securely. The requirements mandated by…

Tags: , ,
Categorized in: ,

PCI DSS: Testing Controls and Gathering Evidence

Written by
Published 07/18/2019

PCI DSS: Testing Controls and Gathering Evidence Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is not easy to achieve. Quite the opposite, in fact: A 2017 Verizon report stated that 80 percent of companies fail their PCI DSS assessments, and only 29 percent of those that pass are still compliant after one year. PCI DSS compliance, like information security as a whole, is not a one-and-done process but ongoing. To succeed, your enterprise must be vigilant. And comply you must, if your organization wants to do business. Penalties for non-compliance can be high—even crippling— but never fear. With planning and preparation, you can obtain that coveted Report on Compliance (ROC) or Attestation of Compliance (AOC) with relative…

Understanding the PCI Levels of Compliance

Written by
Published 07/16/2019

Understanding the PCI Levels of Compliance While every merchant and service provider that processes, stores, or transmits credit card data must comply with the Payment Card Industry Data Security Standard (PCI DSS), not all must travel the same path to PCI compliance. The amount of risk an organization faces depends on a variety of factors. Recognizing these differences, the PCI Security Standards Council developed four compliance levels for merchants and two for service providers. The level an enterprise belongs depends upon:     How many credit card transactions it processes in a year, and      Whether it has suffered a breach or cyberattack resulting in compromise of credit card or cardholder data. The entities with the most stringent and…

Tags: , ,
Categorized in:

What Is a PCI Audit?

Written by
Published 07/11/2019

What is a PCI Audit? A PCI audit examines the security of your organization’s credit-card processing system from beginning to end.  During this process, a Qualified Security Assessor (QSA) or your own Internal Security Assessor will determine the effectiveness of your organization’s information security controls. To pass the test, your payment network must meet as many as 281 criteria spelled out in the Payment Card Industry Data Security Standard, or PCI DSS, with which all merchants and their service providers must comply. To demonstrate PCI compliance, your organization must do one of two things:     Have an on-site audit by a Qualified Security Assessor (QSA) or Internal Security Assessor, or     Fill out a PCI DSS self-assessment questionnaire,…

Tags: , ,
Categorized in:

How To Minimize The Scope of Your PCI DSS Audit

Written by
Published 07/08/2019

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and its 281 directives can be a time-consuming hassle. Fortunately, there are ways to minimize your PCI DSS scope, saving time and resources for your organization and auditor, and ratcheting down your stress levels. Larger organizations—those processing more than 1 million credit-card transactions annually—may need two years to reach initial PCI DSS compliance. Then, to stay compliant, they often must expend ample resources monitoring their systems and security and keeping it all up to date. For those who fail, the penalties can be crippling. Even smaller merchants and internet service providers (ISP) may require a year’s work to reach PCI compliance. That’s because this data security framework, mandatory for…

Tags: , ,
Categorized in: