1) What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) – Established by leading payment card issuers, the PCI DSS provides guidelines for securely processing, storing, or transmitting payment card data. The standard aims to protect organizations and their customers against payment card fraud and theft.
2) When do l need PCI DSS compliance?
All merchants must be compliant to the PCI DSS standard. Annual validation (or proof) is required by most merchant processors and is a way of demonstrating your environment is secure. Based on the number payment card transactions you conduct annually, you will require a Self-Assessment Questionnaire (SAQ) or and independent onsite audit.
Contact us if your business accepts, stores, or transmits card data. You require PCI DSS compliance validation.
3) How often do l need PCI DSS compliance?
PCI DSS is an annual certification – however you are required to maintain the security of your environment on a business-as-usual basis in order to achieve certification.
4) What are the different levels and what are the final deliverables?
Level 1 Merchant – Requires a Report on Compliance (ROC)
Level 2 Merchant – Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ)
Level 3 Merchant – Requires appropriate Self-Assessment Questionnaire (SAQ)
5) What is a Report on Compliance (ROC)?
A ROC must be completed by a Qualified Security Assessor (QSA) after a PCI DSS audit. It is then submitted to the merchant’s acquirer who; after accepting the ROC, sends it to the payment brand for verification.
6) What is a Self-Assessment Questionnaire (SAQ)?
Merchants are required to complete a Self-Assessment Questionnaire (SAQ) for PCI compliance. Which one you need, is determined by the way your business handles payment card data.
Click Here to View our post on the different SAQs.
7) How do l achieve PCI DSS Compliance?
You’ve come to the right place! We will work in partnership with you and get you there!
First, we need to determine which PCI DSS validation level is required for your business. Then we will assist you in addressing all requirements and attest your compliance annually.
ControlCase is your one-stop-shop! We will help you achieve compliance; as well as assist with the cyber security requirements that need to be completed, such as; vulnerability assessments, penetration testing, policy & procedures and security awareness training.
Contact Kimberly Simon at firstname.lastname@example.org to discuss your environment.