PCI DSS Compliance
Do any of these scenarios apply to you?
- You have a business and have decided to start accepting credit cards as payment.
- A vendor or bank you work with has requested that you become PCI DSS (Payment Card Industry Data Security Standard) compliant.
- You provide IT services for several organizations and one of those organizations takes credit card payments.
If so, then you need to be PCI DSS compliant.
There’s a lot of confusion with regard to PCI DSS compliance. To make matters worse, a lot of the big security companies that perform PCI DSS compliance assessments don’t put forth the effort to engage with you properly. Instead, they just send you spreadsheets and expect you to already know how to fill them out, or they simply ask a few questions, have you sign a few documents, and then declare you “compliant.” Even for those individuals who are brave enough to go to the PCI DSS website and review the guidance, it can prove to be overwhelming and just leave you more confused than before. We can help.
Our personnel will engage with you directly, making sure that you have a full understanding of the requirements of PCI DSS. We go to great lengths to ensure that you have satisfied the requirements. We don’t just tell you whether you’re compliant or not and leave you to wonder how you will address the problems - we work with you to establish processes or implement technologies that will help you achieve compliance. In addition, we work to ensure the solution fits within your budget.
As an example of how we engage, we have established templates for our clients that are guaranteed to provide them compliance with the appropriate PCI DSS requirements. We work with your personnel to ensure that they understand exactly what each template is used for and how it applies to PCI DSS.
We stand behind our products. It is our goal that your personnel gain sufficient understanding so you won’t require our services in the future, thus saving you even more money and still maintaining compliance. We do have some clients that have us return every year, but these engagements are primarily just to give them a quick validation as to whether they have done their own assessment correctly - and at only a fraction of the time and cost of the initial compliance check.
The end goal of PCI DSS is to make sure that you are secure so as to minimize the possibility of having credit card information compromised. The standard has been refined multiple times, and once you are compliant you can rest assured that you have established a significant measure of protection for your customers’ data.
Contact us or use the form on this page for more information about our PCI DSS Compliance services or to begin the PCI DSS Compliance process with us.
PCI DSS FAQs
Who needs to be PCI DSS compliant?
All entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers, need to be PCI DSS compliant. PCI DSS also applies to all other entities that store, process, or transmit cardholder data and/or sensitive authentication data.
Where can I find the latest PCI DSS standard?
The latest standard is v3.2, released April 2016. It and the related documents below can be found on the PCI Security Standards Council website:
- Summary of Changes from PCI DSS Version 3.1 to 3.2
- PCI DSS v3.2 Press Release
- 10 Common Myths of PCI DSS
- PCI DSS v3.1 SSC Quick Reference Guide
- PCI DSS Self-Assessment Questionnaire (SAQ) Instructions and Guidelines v3.1