Chances are you found this page because you’re a small business owner who heard about PCI compliance. Maybe you were notified by a bank or payment processor that you need to be compliant, or you read somewhere that similar businesses to yours have had to be compliant. In either scenario, you probably weren’t expecting it, […]
PCI Compliance for Small Business: How to Avoid Penalties Read More »
It’s common for companies with gaps in their PCI DSS compliance to wonder “How bad could it really be?” Knowing the possible extent of fines for non-compliance and being able to put dollar values on the risk, can help convince board members or executives to allocate the appropriate budget to your firm’s PCI compliance efforts.
How Bad Can PCI Compliance Fines Get? This Bad Read More »
The PCI Data Security Standards were recently updated to version 4.0. PCI DSS v4.0 was officially released on March 31st, 2022 and is replacing PCI DSS v3.2.1. This update to the PCI DSS is the first significant update to the security standards since 2018. Some evolving requirements include new or modified requirements added to the
How to Do PCI Security Awareness Training Right After v4.0 Read More »
A PCI Gap Assessment can be a valuable resource for your organization as you first begin your journey on PCI (before your first assessment) or while transitioning between PCI DSS versions (from version 3.2.1 to 4.0). The PCI Gap Assessment will help you understand where you are and tell you where you need to go.
Is a PCI Gap Assessment Worth It? 5 Key Questions to Ask Read More »
If you are a small or medium-sized business, you are most likely applicable to a PCI Self-Assessment Questionnaire (PCI SAQ). SAQs are a slimmed-down version of the PCI Report on Compliance (ROC). Depending on your PCI Level, which is determined by the number of transactions you process on an annual basis, a SAQ may be
How to Choose the Right PCI SAQ & Reduce Requirements Read More »
There are two kinds of PCI assessors: Qualified Security Assessors (QSAs) and Internal Security Assessors (ISAs). This article will focus on the former. QSAs are certified by the PCI Security Standards Council (SSC) to perform PCI assessments for other companies through consulting. A QSA has not only the knowledge to perform PCI assessments but also
PCI Qualified Security Assessors: A Buyer’s Guide Read More »
Attaining PCI certification for an organization, for the first time, is not a small undertaking, whatever path you take. But PCI compliance is one of the most impactful things you can do to better protect your card data and ultimately your business. PCI compliance helps you to secure your environment, benchmark standards, and serves as
How Long Does it Take to Get PCI Certified? Read More »
PCI DSS 4.0 is the latest release of the PCI Data Security Standards since Version 3.2.1 on May 17, 2018. Version 4.0 was released in Q2 of 2022 and has been updated to continue the effort and focus on securing cardholder data and the current (and future) state of the payment industry, while also promoting
PCI DSS 4.0: How-To Guide for Compliance Teams Read More »
An Approved Scanning Vendor (ASV) is a company approved by the Payment Card Industry Security Standards Council (PCI SSC) that offers a scan solution to validate a merchant or service provider’s (scan customer) compliance with PCI DSS Requirement 11.2.2. An ASV’s scan solution is the set of security services and tools used to scan a
PCI Approved Scanning Vendors: How to Choose & How to Save Read More »
