Tag Archive: PCI

Understanding the Consequences of Failing PCI Compliance

Published 03/10/2020

The Payment Card Industry Data Security Standard (PCI DSS) does a great job of outlining how an organization should go about protecting cardholder data. Most organizations take the best practices from the PCI council and implement a strong information security strategy built on enforcing PCI standards, compliance requirements, and vulnerability management. What happens when an organization doesn’t follow the rules as it should, or suffers a data breach because of negligence? The organization loses credibility and suffers reputational damage, which has an immeasurable impact on the bottom line. The organization may no longer be allowed to accept credit cards, significantly impacting its ability to sell products and services. The organization may have to pay fines, strengthen its information security, and have…


How Much Does It Cost to Become PCI Compliant?

Published 12/26/2019

How much does it cost to become compliant with the Payment Card Industry Data Security Standard (PCI DSS)? It is challenging to put an exact figure on becoming PCI compliant. Exact dollar amounts are hard to predict because the cost depends on the size of the organization, whether it is eligible for the PCI Self-Assessment Questionnaire (PCI SAQ), and the way it handles and stores customer information. The good news is that an organization can look at the typical requirements around becoming PCI compliant and reverse engineer what the costs might look like. PCI uses merchant levels to determine risk and ascertain the appropriate level of security for each business. Specifically, merchant levels determine the…


PCI Certification vs. Compliance: What Is the Difference?

Published 12/12/2019

Organizations are often left wondering what the difference is between a certification granted by representatives of the Payment Card Industry (PCI) and obtaining compliance. The Payment Card Industry Data Security Standard (PCI DSS) defines a framework for protecting cardholder data. The framework was developed by the Payment Card Industry Security Standards Council (PCI SSC) and enables organizations to assess how well they are protecting cardholder data, training staff, and conducting PCI DSS audits. The PCI Security Standards Council enables organizations to become PCI DSS compliant. Accepting payment cards like Visa, Mastercard, American Express, Discover, and JCB is critical to a merchant’s ability to transact business. Cash and checks are becoming rarer in brick-and-mortar companies, and all…

How To Minimize The Scope of Your PCI DSS Audit

Published 07/08/2019

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) and its 281 directives can be a time-consuming hassle. Fortunately, there are ways to minimize your PCI DSS scope, saving time and resources for your organization and your auditor, and ratcheting down your stress levels. Larger organizations—those processing more than 1 million credit-card transactions annually—may need two years to reach initial PCI DSS compliance. Then, to stay compliant, they often must expend ample resources monitoring their systems and security and keeping it all up to date. For those who fail, the penalties can be crippling. Even smaller merchants and internet service providers (ISPs) may require a year’s work to reach PCI compliance. That’s because this data security framework, mandatory for…


ZenGRC v2.2 Release Features New System of Record Dashboard, Tree View Updates

Published 06/10/2016

In the latest ZenGRC product release we continue to add new and enhanced capabilities designed to make it easier and more efficient to manage your compliance program. Enhancements in v2.2 are now available and include:

A New System of Record Dashboard

The System of Record Dashboard tracks your progress as you build out ZenGRC as your compliance system of record, and allows you to monitor the status of ongoing updates to the system as requirements and business needs change. It shows the status of three ZenGRC objects: controls, objectives, and programs. The dashboard displays the completion status of each of these objects as they move from draft to final, and helps you determine whether controls are in scope. The System…

The New PCI-DSS v3.2 and What It Means For You

Published 06/06/2016

The PCI Security Standards Council released an update to the PCI Data Security Standard (PCI-DSS) at the end of April. The current version of PCI-DSS is now v3.2. If your organization is required to be PCI compliant, here are some key things to know that will help in the transition to the updated version:

1. Sunrise Period

The new standard has a sunrise period of six months. This means that if you have a PCI audit scheduled between now and October 31, 2016, you may choose to have the audit conducted against PCI-DSS v3.1 (the old version) or v3.2 (the current version). After October 31, you must use v3.2.

2. New Requirement Deadlines

A number of new requirements are considered best practices…
