If PCI Compliance were easy, every organization would be doing it, right?
But it’s not.
The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance.
Why?
There are so many reasons. Where do we start?
Let’s start with the 5 PCI Compliance headaches everyone can live without.
PCI Compliance Headache Number 1
Your CIO believes you don’t need to worry about PCI DSS compliance because your organization stopped storing payment account data.
Did you just start grinding your teeth?
I bet you did.
It’s on you to explain to your CIO that your business still processes and transmits cardholder data and yeah, you still need to worry about PCI DSS Compliance.
Lack of PCI Compliance education and awareness from the top down and the bottom up permeates most organizations.
What programs do you have in place to educate your staff?
Do you cover the PCI DSS basics?
How often do you make training available?
PCI Compliance Headache Number 2
Your organization insists on overlooking people and processes as in scope for PCI DSS Assessment.
If you hear one more person claim that call center agents aren’t in scope, your head might explode.
If the call center agents are taking customer credit card numbers over the phone and keying it in via their laptop, not only are the agents in scope, but so are your VoIP system and the agents’ laptops.
PCI Compliance Headache Number 3
As long as your PCI scope is a mess, your Report on Compliance will be a mess.
Speaking from experience, the mess is dreadful, stressful, and painful.
Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or to test them, these changes can make a mess of your rule sets. It’s so easy for someone to unintentionally request an “any” rule, which is prohibited in the cardholder data environment. Our best advice is to insert your ISA (Internal Security Assessor) or someone on the compliance team into the firewall rule change review process.
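One way to give that reviewer a head start is an automated triage step that holds any change request touching the CDE with an “any” source, destination, protocol or port. The following is an added example, not code from the article; the zone labels, request fields and sample change requests are assumptions for illustration.

```python
# Pre-approval triage for firewall rule change requests that touch the CDE.
# Constructed example; zone labels, field names and requests are assumed.

CDE_ZONES = {"cde-app", "cde-db"}                       # assumed zone labels
RESTRICTED_FIELDS = ("source", "destination", "protocol", "port")
UNRESTRICTED = {"any", "*", "0.0.0.0/0", "::/0"}        # spellings of "any"

def is_any(value):
    """True when a field value leaves that dimension wide open."""
    return str(value).strip().lower() in UNRESTRICTED

def touches_cde(rule):
    """In scope for the CDE review path if either end sits in a CDE zone."""
    return bool({rule.get("src_zone"), rule.get("dst_zone")} & CDE_ZONES)

def review_rule(rule):
    """Return findings for one request; an empty list means no CDE concern."""
    findings = []
    if rule.get("action", "").lower() != "allow" or not touches_cde(rule):
        return findings                 # deny rules and non-CDE rules pass here
    for field in RESTRICTED_FIELDS:
        # A missing field is treated as 'any' rather than silently accepted.
        if is_any(rule.get(field, "any")):
            findings.append(f"{field} is 'any' on a rule touching the CDE")
    if not rule.get("justification"):
        findings.append("no documented business justification")
    return findings

def triage(requests):
    """Map request id -> findings for every request that needs ISA review."""
    return {r["id"]: f for r in requests if (f := review_rule(r))}

# Constructed sample change requests (not real data)
SAMPLE_REQUESTS = [
    {"id": "CR-101", "action": "allow", "src_zone": "corp", "dst_zone": "cde-app",
     "source": "10.20.0.0/24", "destination": "10.99.1.10", "protocol": "tcp",
     "port": "443", "justification": "Payment API from jump hosts"},
    {"id": "CR-102", "action": "allow", "src_zone": "dev", "dst_zone": "cde-db",
     "source": "any", "destination": "10.99.2.5", "protocol": "tcp",
     "port": "any", "justification": ""},
    {"id": "CR-103", "action": "allow", "src_zone": "corp", "dst_zone": "dmz",
     "source": "any", "destination": "any", "protocol": "any", "port": "any",
     "justification": "Lab network"},
]

if __name__ == "__main__":
    for cr_id, findings in triage(SAMPLE_REQUESTS).items():
        print(cr_id, "-> hold for compliance review:", "; ".join(findings))
```

Only CR-102 is held: CR-101 is tightly scoped and CR-103, although wide open, never touches a CDE zone and so belongs to a different review path.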