ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

You are here: Home / Blog / PCI DSS Certification Basics

1) What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) – Established by leading payment card issuers, the PCI DSS provides guidelines for securely processing, storing, or transmitting payment card data. The standard aims to protect organizations and their customers against payment card fraud and theft.

2) When do l need PCI DSS compliance?
All merchants must be compliant to the PCI DSS standard. Annual validation (or proof) is required by most merchant processors and is a way of demonstrating your environment is secure. Based on the number payment card transactions you conduct annually, you will require a Self-Assessment Questionnaire (SAQ) or and independent onsite audit.

Contact us if your business accepts, stores, or transmits card data. You require PCI DSS compliance validation.

3) How often do l need PCI DSS compliance?
PCI DSS is an annual certification – however you are required to maintain the security of your environment on a business-as-usual basis in order to achieve certification.

4) What are the different levels and what are the final deliverables?
Level 1 Merchant – Requires a Report on Compliance (ROC)
Level 2 Merchant – Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ)
Level 3 Merchant – Requires appropriate Self-Assessment Questionnaire (SAQ)

5) What is a Report on Compliance (ROC)?
A ROC must be completed by a Qualified Security Assessor (QSA) after a PCI DSS audit. It is then submitted to the merchant’s acquirer who; after accepting the ROC, sends it to the payment brand for verification.

6) What is a Self-Assessment Questionnaire (SAQ)?
Merchants are required to complete a Self-Assessment Questionnaire (SAQ) for PCI compliance. Which one you need, is determined by the way your business handles payment card data.

Click Here to View our post on the different SAQs.

7) How do l achieve PCI DSS Compliance?

You’ve come to the right place! We will work in partnership with you and get you there!
First, we need to determine which PCI DSS validation level is required for your business. Then we will assist you in addressing all requirements and attest your compliance annually.

ControlCase is your one-stop-shop! We will help you achieve compliance; as well as assist with the cyber security requirements that need to be completed, such as; vulnerability assessments, penetration testing, policy & procedures and security awareness training.

Contact Kimberly Simon at ksimon@controlcase.com to discuss your environment.

Related Blog

PCI DSS v4.0
PCI DSS 4.0
Quelles Sont les 12 Exigences de Conformité PCI DSS?
Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry. Payment card industry compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. The requirements set forth by the PCI SSC are both operational and technical, and the core focus of these rules is always to protect cardholder data.
PCI DSS Compliance Checklist
Log4j Vulnerability and how to remain PCI DSS Compliant
Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry. Payment card industry compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. The requirements set forth by the PCI SSC are both operational and technical, and the core focus of these rules is always to protect cardholder data.
PCI DSS Compliance Checklist

About Us

ControlCase is a global provider of technology-driven compliance and security solutions. ControlCase is committed to partnering with clients to develop strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments.

ControlCase provides the best experts, customer experience and technology for regulations including PCI DSS, GDPR, SOC2, HIPAA, ISO 27001/2, CCPA, SWIFT, Microsoft SSPA, CSA STAR, SCA, PA DSS, PCI P2PE, PCI PIN, PCI 3DS, PCI Secure Software, PCI Secure SLC.

https://www.controlcase.com