In PCI Compliance Essentials we’re dropping serious nuggets of wisdom to help organizations get everyone from system administrators, incident response handlers, billing, C-level executives and everyone else who has a piece of the PCI pie ON THE SAME PAGE and speaking THE SAME LANGUAGE.
Unless you’ve been living under a rock, PCI DSS v4.0 goes into effect on March 31, 2024. Here are 4 key PCI DSS Compliance processes that you need to have in place by year end.
Is your PCI DSS Compliance program all over the place? Do you have your asset inventory in 7 different spreadsheets? If you answered yes, maybe it’s time to automate key controls and your assessment process. Read on to find out how!
Have you almost quit your PCI Compliance job after submitting your organization’s Report on Compliance?
Don’t be shy. It’s okay if you walked away.
I almost quit after I submitted the first PCI Report on Compliance I ever worked on.
December 21, 2012, a day that still dredges up heartburn.
I didn’t quit.
I didn’t walk away.
Instead, I saw the opportunity to build a world class PCI DSS Compliance program.
I remember when I was working as an IT Security Project Manager responsible for the implementation of 10 different security projects for the new cardholder data at a Fortune 100 Company. They had a job posting for a PCI Compliance Program Manager and I thought, why not?
The job description looked easy enough. In fact, I flipped my resume over on a whim during lunch on a Friday. Got called by the internal recruiter within 20 minutes and was interviewed on Monday and hired by Wednesday.
I had no idea what was really in store for me. Nobody did.
Because nobody I interviewed with understood HOW to run a successful PCI DSS Compliance program for a level 1 merchant.
If PCI Compliance were easy, every organization would be doing it, right?
But it’s not.
The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance.
There are so many reasons. Where do we start?
Let’s start with the 5 PCI Compliance headaches everyone can live without.
Wait a second.
There’s a painless way to complete a PCI Report on Compliance?
You’ve got to be kidding me.
I’m not kidding you.
Ready? Keep reading!
Let’s be real for a second – the report on compliance is mandatory for all level 1 merchants and any merchant regardless of level that is required to provide a report on compliance by either their acquirer or card brand. Most level 1 merchants fall out of compliance shortly after the ink is dry on their most recent report. Why? Because they don’t have a sustainability program. The RoC is treated like a bad surprise every year and that creates wasted effort, lost money, and burned out staff.