If PCI Compliance were easy, every organization would be doing it, right?
But it’s not.
The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance.
There are so many reasons. Where do we start?
Let’s start with the 5 PCI Compliance headaches everyone can live without.
PCI Compliance Headache Number 1
Your CIO believes you don’t need to worry about PCI DSS compliance because your organization stopped storing payment account data.
Did you just start grinding your teeth?
I bet you did.
It’s on you to explain to your CIO that your business still processes and transmits cardholder data and yeah, you still need to worry about PCI DSS Compliance.
Lack of PCI Compliance education and awareness from the top down and the bottom up permeates most organizations.
What programs do you have in place to educate your staff?
Do you cover the PCI DSS basics?
How often do you make training available?
PCI Compliance Headache Number 2
Your organization insists on overlooking people and processes as in scope for PCI DSS Assessment.
If you hear one more person claim that call center agents aren’t in scope, your head might explode.
If the call center agents are taking customer credit card numbers over the phone and keying them in via their laptops, not only are the agents in scope, but so are your VoIP system and the agents’ laptops.
As long as your PCI scope is a mess, your Report on Compliance will be a mess.
Speaking from experience, the mess is dreadful, stressful, and painful.
Your Report on Compliance or Self-Assessment depends on an accurate scope.
If you think you have a handle on your scope, think again.
Are you storing what’s in scope in your head?
That’s not sustainable. What if you win the lottery?
Are you storing your scope on spreadsheets?
That’s not sustainable either. Which one is the right one?
PCI Compliance Headache Number 4
You don’t know what evidence you need to provide to satisfy the DSS requirements.
This will keep you running in circles and chewing on ibuprofen.
If you want to stop the churn and the incessant back and forth with your technology SMEs and your QSA, download the Reporting Instructions.
This document is hiding in plain sight and it will resolve many of your headaches.
PCI Compliance Headache Number 5
You’re eyeball deep in spreadsheets.
Nearly every organization is used to managing every.single.aspect. of PCI DSS Compliance in spreadsheets.
Which spreadsheet is the authoritative source?
Can a spreadsheet assign a task?
Do you really want to dig through 15 different spreadsheets to put a dashboard together for the next meeting with your CIO?
What if you could automate your entire PCI DSS continuous compliance program?
Watch How You Can Assign a Task in Less Than 10 Seconds!
What PCI Compliance challenge is causing the most stress and headaches in your organization?
How can we help?
Let us know. Send us an email and let’s chat!