How can I be PCI DSS compliant?
What things do I need to do to be compliant? Is there a checklist I can look at?
1 Answer
There are two components to the program: 1) compliance and 2) validation. Compliance is really nothing more than a "state of being". You either are or are not compliant. In the PCI DSS world there is no middle ground. That being said, there is a "compliance spectrum". You can read more in a whitepaper I posted on the subject: http://www.propay.com/Media/MediaLibrary/475/File.ashx
The first step is to download the standard at www.pcisecuritystandards.org. The next step is to determine what, if any, requirements you have to validate. Validation occurs through completion of a Self Assessment Questionnaire and network scan (for level 2-3 merchants and level 2 service providers) or completion of an onsite assessment and network scan. Level 1 merchants may be required to use a Qualified Security Assessor (check with your acquirer), and all level 1 service providers must use a QSA. To pursue compliance alone, the Self Assessment Questionnaires are good checklists to use. I would recommend using SAQ D and completing all relevant questions. The whitepaper references can provide some insight into how to identify what may or may not be applicable.