If PCI Compliance were easy, every organization would be doing it, right? 

But it’s not.

The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance. 

Why?

There are so many reasons. Where do we start?

Let’s start with the 5 PCI Compliance headaches everyone can live without.

PCI Compliance Headache Number 1

Your CIO believes you don’t need to worry about PCI DSS compliance because your organization stopped storing payment account data.

Did you just start grinding your teeth? 

I bet you did. 

It’s on you to explain to your CIO that your business still processes and transmits cardholder data and yeah, you still need to worry about PCI DSS Compliance.

Lack of PCI Compliance education and awareness from the top down and the bottom up permeates most organizations. 

What programs do you have in place to educate your staff?

Do you cover the PCI DSS basics?

How often do you make training available?

PCI Compliance Headache Number 2

Your organization insists on overlooking people and processes as in scope for PCI DSS Assessment.

Scope. 

Heavy sigh. 

If you hear one more person claim that call center agents aren’t in scope, your head might explode. 

If the call center agents are taking customer credit card numbers over the phone and keying them in on their laptops, not only are the agents in scope, but so are your VoIP system and the agents’ laptops.

PCI Compliance Headache Number 3

As long as your PCI scope is a mess, your Report on Compliance will be a mess.

Speaking from experience, the mess is dreadful, stressful, and painful.

Your Report on Compliance or Self-Assessment depends on an accurate scope.

If you think you have a handle on your scope, think again. 

Are you storing what’s in scope in your head? 

That’s not sustainable. What if you win the lottery?

Are you storing your scope on spreadsheets?

That’s not sustainable either. Which one is the right one? 

PCI Compliance Headache Number 4

You don’t know what evidence you need to provide to satisfy the DSS requirements.

This will keep you running in circles and chewing on ibuprofen. 

If you want to stop the churn and the incessant back and forth with your technology SMEs and your QSA, download the Reporting Instructions. 

This document is hiding in plain sight and it will resolve many of your headaches.

PCI Compliance Headache Number 5

You’re eyeball deep in spreadsheets.

Nearly every organization is used to managing every.single.aspect. of PCI DSS Compliance in spreadsheets.

Which spreadsheet is the authoritative source?

Can a spreadsheet assign a task?

Do you really want to dig through 15 different spreadsheets to put a dashboard together for the next meeting with your CIO?

What if you could automate your entire PCI DSS continuous compliance program?

Watch How You Can Assign a Task in Less Than 10 Seconds!

What PCI Compliance challenge is causing the most stress and headaches in your organization? 

How can we help?

Let us know. Send us an email and let’s chat! 

support@paymentcardassessments.com


10 Critical Responsibilities of a PCI ISA

I remember when I was working as an IT Security Project Manager responsible for the implementation of 10 different security projects for the new cardholder data at a Fortune 100 Company. They had a job posting for a PCI Compliance Program Manager and I thought, why not?

The job description looked easy enough. In fact, I flipped my resume over on a whim during lunch on a Friday. Got called by the internal recruiter within 20 minutes and was interviewed on Monday and hired by Wednesday.

I had no idea what was really in store for me. Nobody did.

Because nobody I interviewed with understood HOW to run a successful PCI DSS Compliance program for a level 1 merchant.

10 Essential Tasks To Do BEFORE You Start Your 2023 PCI Report On Compliance

Don’t Start Your 2023 PCI Report on Compliance Without Doing These 10 Essential Tasks FIRST:

The end of the first quarter is quickly approaching. It’s time to get your PCI Compliance house in order.

Because nobody wants to be the next Landry’s and have a $20M fine upheld by federal court.

1. You have a copy of the signed Statement of Work with your QSA

Make sure you have this statement of work at your fingertips throughout your assessment period. This agreement protects you and your QSA for work that is contractually agreed upon.

2. Complete an end-to-end PCI Scope Assessment

The success of your PCI Report on Compliance hinges upon an accurate PCI Scope Assessment.

Your scope assessment includes the who, what, where, when, why, and how of your cardholder data environment and anything or anybody that connects to your cardholder data environment.
