72% of merchants fall out of PCI DSS compliance within 6 months of achieving their Report on Compliance.

2020 Verizon Payment Security Report

What sets merchants who have successful PCI Compliance programs apart from those that don’t? Merchants who can maintain their security controls long after they’ve submitted their annual Report on Compliance (RoC). That’s who.

Maintaining security around your cardholder data environment is complicated. No clear champion from the C-Suite, lack of attention on critical control areas, and whose job is it anyway?

We all can agree that mistakes happen. But a mistake repeated over and over again becomes a choice. The following are the biggest and most common mistake-choices merchants are making:

Mistake Number 1

Level 1 merchants have no idea what the scope of their assessment really is. They think they do. But they don’t. They don’t even know they have teams storing cardholder data on spreadsheets in SharePoint.

Mistake Number 2

Level 1 merchants don’t plan the work that’s required for their annual Report on Compliance. It’s a hot mess at the start and only gets worse.

Mistake Number 3

Level 1 merchants don’t have 4 quarters of passing ASV scans or internal and external scans and they’re still remediating pen test failures from 2 years ago.

Mistake Number 4

Level 1 merchants don’t have a build clean/keep clean process to help them manage configuration drift. 

Mistake Number 5

Level 1 merchants don’t have a way to alert personnel when in-scope servers stop logging, which means their security operations center can’t monitor, alert on, and investigate daily security events.
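Mistake 5 is a detection gap: a log source going quiet is itself an event the SOC needs to be alerted on, and a host that never reported at all is the worst case, not a clean one. As an added example (not the article's or Payment Card Assessments' code), this Python script runs a "silent source" check over constructed sample log lines against a constructed in-scope host inventory, flagging hosts whose last line is older than a threshold and hosts that never reached the collector; every host name, timestamp and the 15-minute threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: in-scope CDE hosts (hypothetical names).
IN_SCOPE_HOSTS = {"pos-db-01", "pos-web-01", "pos-web-02", "pos-app-01", "jump-01"}

# Constructed sample lines as a log collector would see them: ISO-8601 UTC timestamp,
# then source host. build-runner-07 is out of scope and must be ignored;
# pos-app-01 never appears at all, the case a naive "any errors?" check misses.
SAMPLE_LOG_LINES = """\
2022-06-01T11:58:02Z pos-web-01 sshd[412]: Accepted publickey for svc-deploy
2022-06-01T11:59:40Z pos-db-01 postgres[88]: checkpoint complete
2022-06-01T12:00:05Z pos-web-02 nginx: GET /health 200
2022-06-01T09:10:15Z jump-01 sudo: session opened for admin
2022-06-01T12:02:30Z pos-web-01 nginx: GET /checkout 200
2022-06-01T12:03:11Z build-runner-07 docker: image pulled
"""

# Constructed check parameters: "now" and the longest silence tolerated per host.
NOW = datetime(2022, 6, 1, 12, 5, 0, tzinfo=timezone.utc)
MAX_GAP = timedelta(minutes=15)


def last_seen_by_host(log_text):
    """Return {host: latest timestamp} parsed from 'TIMESTAMP HOST message' lines."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue  # malformed line: skip it rather than crash the monitor
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        host = parts[1]
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def silent_hosts(log_text, in_scope, now, max_gap):
    """In-scope hosts with no log line inside max_gap of now, mapped to their last
    timestamp (None when the host never reached the collector at all)."""
    seen = last_seen_by_host(log_text)
    return {h: seen.get(h) for h in sorted(in_scope)
            if seen.get(h) is None or now - seen[h] > max_gap}


def run_check():
    """Run the silence check over the constructed sample; returns the alert dict."""
    return silent_hosts(SAMPLE_LOG_LINES, IN_SCOPE_HOSTS, NOW, MAX_GAP)


if __name__ == "__main__":
    for host, last in run_check().items():
        print(f"ALERT: {host} silent, last seen {last.isoformat() if last else 'never'}")
```

In a real deployment the inventory would come from the scoping records and the "now" from the clock, but the logic is the same: compare every in-scope source against a freshness threshold, not just the ones that happen to be sending.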

Are you sick and tired of starting your annual Report on Compliance off with dozens of requirement failures? 

Payment Card Assessments is here to help. 

We’re hosting our first master class, Assess Smarter, Not Harder, on June 15, 2022. In our master class we’re going to address the five biggest mistakes most merchants make, why they continue to make them, and how to take corrective action to strengthen your security posture. You’re also going to learn:

  • How to pinpoint and remediate key issues before, during, and after your annual Report on Compliance.
  • How to revise and enhance your critical compliance processes to show maturity in your compliance program.
  • Actionable steps to create a sustainable PCI DSS compliance program that saves time, effort, and money.
  • And we’re going to introduce you to Polaris PCA, the first of its kind automated workflow tool with a robust PCI Knowledge Base, integrated PCI DSS Industry Standards, and Payment Card Assessments’ Best Practices.


4 Smart Ways To Stop Overcomplicating PCI Compliance

You can do PCI Compliance the Smart Way or the Hard Way. Which way do you choose?

You know that saying, “objects appear bigger in the rearview mirror,” right?

When it comes to PCI Compliance, satisfying the requirements often looks bigger the more you stare at them. And when you look at the requirements in isolation, they often look next to impossible to implement. Your brain (and my brain) wants to overcomplicate what needs to be in place to secure the cardholder data environment.

Maybe you jump immediately to implementing the newest shiny security tool without thinking of how it will impact other in scope systems.

Maybe you leap to more complexity by adding layers of security controls and processes when one solid, repeatable process will do.

Or maybe you bury your head in the sand and sing lalalalalalalalalalala….(honestly, there were days I wish I could’ve done that!)

PCI Compliance doesn’t have to be complicated.

Here are 4 smart ways to stop overcomplicating your PCI Compliance program:
