ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

You are here: Home / Blog / PCI DSS Certification Basics

1) What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) – Established by leading payment card issuers, the PCI DSS provides guidelines for securely processing, storing, or transmitting payment card data. The standard aims to protect organizations and their customers against payment card fraud and theft.

2) When do l need PCI DSS compliance?
All merchants must be compliant to the PCI DSS standard. Annual validation (or proof) is required by most merchant processors and is a way of demonstrating your environment is secure. Based on the number payment card transactions you conduct annually, you will require a Self-Assessment Questionnaire (SAQ) or and independent onsite audit.

Contact us if your business accepts, stores, or transmits card data. You require PCI DSS compliance validation.

3) How often do l need PCI DSS compliance?
PCI DSS is an annual certification – however you are required to maintain the security of your environment on a business-as-usual basis in order to achieve certification.

4) What are the different levels and what are the final deliverables?
Level 1 Merchant – Requires a Report on Compliance (ROC)
Level 2 Merchant – Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ)
Level 3 Merchant – Requires appropriate Self-Assessment Questionnaire (SAQ)

5) What is a Report on Compliance (ROC)?
A ROC must be completed by a Qualified Security Assessor (QSA) after a PCI DSS audit. It is then submitted to the merchant’s acquirer who; after accepting the ROC, sends it to the payment brand for verification.

6) What is a Self-Assessment Questionnaire (SAQ)?
Merchants are required to complete a Self-Assessment Questionnaire (SAQ) for PCI compliance. Which one you need, is determined by the way your business handles payment card data.

Click Here to View our post on the different SAQs.

7) How do l achieve PCI DSS Compliance?

You’ve come to the right place! We will work in partnership with you and get you there!
First, we need to determine which PCI DSS validation level is required for your business. Then we will assist you in addressing all requirements and attest your compliance annually.

ControlCase is your one-stop-shop! We will help you achieve compliance; as well as assist with the cyber security requirements that need to be completed, such as; vulnerability assessments, penetration testing, policy & procedures and security awareness training.

Contact Kimberly Simon at ksimon@controlcase.com to discuss your environment.

Related Blog

Why PCI DSS 4.0 Should Be on Your Radar?
With the release of PCI v4.0, the countdown has started for organizations already PCI DSS Certified to transition from PCI DSS v3.2.1 to the new PCI DSS v4.0 standard. With the timelines of one year to prepare for v4.0 and two years to fully ready for v4.0 future dated requirements, it is time to assess readiness for PCI DSS v4.0 and establish a detailed plan to meet the requirements and timelines.
PCI DSS v4.0 | Webinar
Deep Dive into notable changes: Promote Security as a Continuous Process Increased Flexibility and Customized Approach Increased Alignment between PCI ROC and PCI SAQ Keep up with the security needs of the Payment Industry and landscape (such as MFA/phishing, etc.)
Seminario Web PCI DSS v4.0
Los temas por tocar serían: Cambios incluidos en PCI DSS v4.0 Cambios críticos de PCI DSS v3.2.1 a v4.0 Cambios metodológicos de PCI DSS v3.2.1 a v4.0 Nuevos requerimientos que podrían necesitar un mayor esfuerzo en la implementación Desde la perspectiva de Latam
Aide-Mémoire PCI DSS v4.0
La norme de sécurité des données PCI (PCI DSS) a été établie en 2004 par les principaux émetteurs de cartes de paiement. Elle est maintenue par le Conseil des normes de sécurité PCI. Il fournit des exigences opérationnelles et techniques pour protéger les données des titulaires de cartes.
PCI DSS 4.0
Hosted by ControlCase and the PCI Security Standards Council, this 45-minute webinar will cover: History of PCI DSS (including current version 3.2) PCI DSS v4.0 High-Level Changes PCI DSS v4.0 Timeline
PCI DSS v4.0
The goals for PCI DSS v4.0 are to continue to meet the security needs of the payment industry, to promote security as a continuous process, to add flexibility for different methodologies, and to enhance validation methods.

About Us

ControlCase is a global provider of technology-driven compliance and security solutions. ControlCase is committed to partnering with clients to develop strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments.

ControlCase provides the best experts, customer experience and technology for regulations including PCI DSS, GDPR, SOC2, HIPAA, ISO 27001/2, CCPA, SWIFT, Microsoft SSPA, CSA STAR, SCA, PA DSS, PCI P2PE, PCI PIN, PCI 3DS, PCI Secure Software, PCI Secure SLC.

https://www.controlcase.com