If PCI Compliance were easy, every organization would be doing it, right? 

But it’s not.

The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance. 

Why?

There are so many reasons. Where do we start?

Let’s start with the 5 PCI Compliance headaches everyone can live without.

PCI Compliance Headache Number 1

Your CIO believes you don’t need to worry about PCI DSS compliance because your organization stopped storing payment account data.

Did you just start grinding your teeth? 

I bet you did. 

It’s on you to explain to your CIO that your business still processes and transmits cardholder data and yeah, you still need to worry about PCI DSS Compliance.

Lack of PCI Compliance education and awareness from the top down and the bottom up permeates most organizations. 

What programs do you have in place to educate your staff?

Do you cover the PCI DSS basics?

How often to you make training available?

PCI Compliance Headache Number 2

Your organization insists on overlooking people and processes as in scope for PCI DSS Assessment.

Scope. 

Heavy sigh. 

If you hear one more person claim that call center agents aren’t in scope, your head might explode. 

If the call center agents are taking customer credit card numbers over the phone and keying it in via their laptop, not only are the agents in scope, but so are your VoIP system and the agents’ laptops.
Previous
Next

PCI Compliance Headache Number 3

As long as  your PCI scope is a mess your Report on Compliance will be a mess. 

Speaking from experience, the mess is dreadful, stressful, and painful.

Your Report on Compliance or Self-Assessments depends on an accurate scope. 

If you think you have a handle on your scope, think again. 

Are you storing what’s in scope in your head? 

That’s not sustainable. What if you win the lottery?

Are you storing your scope on spreadsheets?

That’s not sustainable either. Which one is the right one? 

PCI Compliance Headache Number 4

You don’t know what evidence you need to provide to satisfy the DSS requirements

This will keep you running in circles and chewing on ibuprofen. 

If you want to stop the churn and the incessant back and forth with your technology SMEs and your QSA, download the Reporting Instructions. 

This document is hiding in plain sight and it will resolve many of your headaches.

PCI Compliance Headache Number 5

You’re eyeball deep in spreadsheets 

Nearly every organization is used to managing every.single.aspect. of PCI DSS Compliance in spreadsheets.

Which spreadsheet is the authoritative source?

Can a spreadsheet assign a task?

Do you really want to dig through 15 different spreadsheets to put a dashboard together for the next meeting with your CIO?

What if you could automate your entire PCI DSS continuous compliance program?

Watch How You Can Assign a Task in Less Than 10 Seconds!

Play Video

What PCI Compliance challenge is causing the most stress and headaches in your organization? 

How can we help?

Let us know. Send us an email and let’s chat! 

support@paymentcardassessments.com

Tags: , , , , ,

Blog Posts

02 Aug 2021
PCI DSS, PCI Report on Compliance

Firewalls and Routers: How to Take Control of Unruly Firewall Rules, Configurations and Network Connections

Best Practice: Developers and system administrators request changes to firewall rule sets all the time. Whether it’s to do work on system components or test system components, these changes can make a mess out of your rule sets. It’s so easy for someone to unintentionally request an “any” rule which is prohibited in the cardholder data environment. Our best advice is to insert your ISA or someone on the compliance team into the firewall rule change review.

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.

%d bloggers like this: