Who has to comply with PCI?
Any business that is going to transmit, use, or store credit card information.
What is the Cost of a Credit Card Data Breach?
On average, a PCI-covered data breach costs a business $37 per breached record in fines. This may sound like a small amount, but given that companies hold thousands or tens of thousands of credit card records in their systems, it adds up quickly. On top of that fine comes the cost of repairing the breach and bringing your systems up to par.
How Does PCI Compliance Work?
PCI has levels of compliance. The level that applies to your business is determined directly by the number of credit card transactions you process per year. As a company moves up the PCI compliance levels because of its transaction volume, the compliance requirements become more stringent. Level One of PCI has 12 modules that you must meet, comprising more than 220 individual compliance items.
How to Become PCI Compliant and Maintain Compliance?
- You need to have someone – either internal or an outsourced PCI compliance specialist – who understands the IT side of PCI compliance and has the time and ability to undertake the systems and security management, maintenance, and monitoring necessary to stay current.
- You need to hire a Qualified Security Assessor (QSA). This organization will dictate which modules you must meet, and it will assess your adherence year by year.
- You need to hire an Approved Scanning Vendor (ASV). This organization regularly scans your perimeter for any credit card related data and is certified by the PCI Council.
What is Included in Our PCI Compliance Offering?
- Network Segmentation Designs
- Annual Penetration Testing
- Risk Assessments
- Questionnaire (SAQ) Preparation and Review
- Remediation Assistance
- QSA Report On Compliance On-Site Audits
- Internal Quarterly Vulnerability Assessments
- PCI Cardholder Data Environment Scoping
- PCI DSS Controls Gap Analysis
- Approved Scanning Vendor (ASV) Scanning
- Annual Penetration Self-Assessment
What to Look for in Hiring a PCI Compliance Specialist?
- Interaction – Someone who is committed to sticking with you and helping you maintain PCI compliance as you scale and as the requirements for your business change
- Specialization – The PCI Council certifies individuals in PCI compliance. The certification is called QASV, and individuals with this certification are well placed to assist you.
- Trust – Trust is earned, and trust is also demonstrated by eliminating conflicts of interest. For example, the organization that assesses your PCI compliance and gives you passing scores should not be the same organization that does the day-to-day compliance management work.