I’ll be the first to admit that continuous PCI Compliance was beyond my grasp when I started my PCI journey in 2012. I was doing my best not to drown in a sea of confusion and chaos.

If something like our newest course, Implement Continuous PCI Compliance, existed a decade ago, I would have been all over this.

Read More!

Don’t Start Your 2023 PCI Report on Compliance Without Doing These 10 Essential Tasks FIRST:

The end of the first quarter is quickly approaching. It’s time to get your PCI Compliance house in order.

Because nobody wants to be the next Landry’s and have a $20M fine upheld by federal court.

1. You have a copy of the signed Statement of Work with your QSA

Make sure you have this statement of work at your fingertips throughout your assessment period. This agreement protects you and your QSA for work that is contractually agreed upon.

2. Complete an end-to-end PCI Scope Assessment

The success of your PCI Report on Compliance hinges upon an accurate PCI Scope Assessment.

Your scope assessment includes the who, what, where, when, why, and how of your cardholder data environment and anything or anybody that connects to your cardholder data environment.

Have you almost quit your PCI Compliance job after submitting your organization’s Report on Compliance?

Don’t be shy. It’s okay if you walked away.

I almost quit I submitted the first PCI Report on Compliance I ever worked on.

December 21, 2012 a day that still dredges up heartburn.

But…

I didn’t quit.

I didn’t walk away.

Instead, I saw the opportunity to build a world class PCI DSS Compliance program.

I remember when I was working as an IT Security Project Manager responsible for the implementation of 10 different security projects for the new. cardholder data at a Fortune 100 Company. They had a job posting for a PCI Compliance Program Manager and I thought, why not?

The job description looked easy enough. In fact, I flipped my resume over on a whim during lunch on a Friday. Got called by the internal recruiter within 20 minutes and was interviewed on Monday and hired by Wednesday.

I had no idea what was really in store for me. Nobody did.

Because nobody I interviewed with understood HOW to run a successful PCI DSS Compliance program for a level 1 merchant.

Let’s be real for a second – the report on compliance is mandatory for all level 1 merchants and any merchant regardless of level that is required to provide a report on compliance by either their acquirer or card brand. Most level 1 merchants fall out of compliance shortly after the ink is dry on their most recent report. Why? Because they don’t have a sustainability program. The RoC is treated like a bad surprise every year and that creates wasted effort, lost money, and burned out staff.