ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

You are here: Home / Blog / PCI DSS Certification Basics

1) What is PCI DSS?
Payment Card Industry Data Security Standard (PCI DSS) – Established by leading payment card issuers, the PCI DSS provides guidelines for securely processing, storing, or transmitting payment card data. The standard aims to protect organizations and their customers against payment card fraud and theft.

2) When do l need PCI DSS compliance?
All merchants must be compliant to the PCI DSS standard. Annual validation (or proof) is required by most merchant processors and is a way of demonstrating your environment is secure. Based on the number payment card transactions you conduct annually, you will require a Self-Assessment Questionnaire (SAQ) or and independent onsite audit.

Contact us if your business accepts, stores, or transmits card data. You require PCI DSS compliance validation.

3) How often do l need PCI DSS compliance?
PCI DSS is an annual certification – however you are required to maintain the security of your environment on a business-as-usual basis in order to achieve certification.

4) What are the different levels and what are the final deliverables?
Level 1 Merchant – Requires a Report on Compliance (ROC)
Level 2 Merchant – Requires a Report on Compliance (ROC) OR appropriate Self-Assessment Questionnaire (SAQ)
Level 3 Merchant – Requires appropriate Self-Assessment Questionnaire (SAQ)

5) What is a Report on Compliance (ROC)?
A ROC must be completed by a Qualified Security Assessor (QSA) after a PCI DSS audit. It is then submitted to the merchant’s acquirer who; after accepting the ROC, sends it to the payment brand for verification.

6) What is a Self-Assessment Questionnaire (SAQ)?
Merchants are required to complete a Self-Assessment Questionnaire (SAQ) for PCI compliance. Which one you need, is determined by the way your business handles payment card data.

Click Here to View our post on the different SAQs.

7) How do l achieve PCI DSS Compliance?

You’ve come to the right place! We will work in partnership with you and get you there!
First, we need to determine which PCI DSS validation level is required for your business. Then we will assist you in addressing all requirements and attest your compliance annually.

ControlCase is your one-stop-shop! We will help you achieve compliance; as well as assist with the cyber security requirements that need to be completed, such as; vulnerability assessments, penetration testing, policy & procedures and security awareness training.

Contact Kimberly Simon at ksimon@controlcase.com to discuss your environment.

Related Blog

PCI DSS Compliance Checklist
PCI Asia Pacific Community Meeting
PCI Europe Community Meeting
ControlCase New CEO Reinforces One Audit for Compliance with Multiple Regulations
PCI Security Standards Council Announces 2020 – 2022 Global Executive Assessor Roundtable
How to define PCI DSS Scope?
When it comes to scoping for PCI DSS, many organizations struggle to understand where PCI DSS controls are required to be implemented and which systems need to be protected. Many organizations still have problems figuring out which systems are in PCI DSS scope and which systems are not.

About Us

ControlCase is a global provider of technology-driven compliance and security solutions. ControlCase is committed to partnering with clients to develop strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments.

ControlCase provides the best experts, customer experience and technology for regulations including PCI DSS, GDPR, SOC2, HIPAA, ISO 27001/2, CCPA, SWIFT, Microsoft SSPA, CSA STAR, SCA, PA DSS, PCI P2PE, PCI PIN, PCI 3DS, PCI Secure Software, PCI Secure SLC.

https://www.controlcase.com