Have you almost quit your PCI Compliance job after submitting your organization’s Report on Compliance?

Don’t be shy. It’s okay if you walked away.

I almost quit I submitted the first PCI Report on Compliance I ever worked on.

December 21, 2012 a day that still dredges up heartburn.

But…

I didn’t quit.

I didn’t walk away.

Instead, I saw the opportunity to build a world class PCI DSS Compliance program.

I remember when I was working as an IT Security Project Manager responsible for the implementation of 10 different security projects for the new. cardholder data at a Fortune 100 Company. They had a job posting for a PCI Compliance Program Manager and I thought, why not?

The job description looked easy enough. In fact, I flipped my resume over on a whim during lunch on a Friday. Got called by the internal recruiter within 20 minutes and was interviewed on Monday and hired by Wednesday.

I had no idea what was really in store for me. Nobody did.

Because nobody I interviewed with understood HOW to run a successful PCI DSS Compliance program for a level 1 merchant.

If PCI Compliance were easy, every organization would be doing it, right?

But it’s not.

The sad statistic from the most recent Verizon Payment Security Report is that 57% of all merchants fail to sustain PCI DSS Compliance.

Why?

There are so many reasons. Where do we start?

Let’s start with the 5 PCI Compliance headaches everyone can live without.