Merchant archives - Regulatory Compliance, Governance and Security


Jul 24 2009   8:00PM GMT

PCI DSS Compliance | Why You Need a QSA for Level 1 Compliance



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), PCI, dss, qsa, qualified security assessor (QSA), charles denyer, service provider, merchant, level 1, payment card industry security standards council, pci ssc

PCI DSS compliance for Level 1 merchants and service providers is mandatory. In short, if you are a merchant or service provider that has been called upon to become Payment Card Industry Data Security Standard (PCI DSS) compliant at Level 1, then what you will need is an on-site assessment by a Qualified Security Assessor (QSA).

A QSA is an individual who has gone through the licensing process to become an expert in PCI DSS compliance and has been awarded that designation by the Payment Card Industry Security Standards Council, known as the PCI SSC.

For more information about PCI DSS compliance and on hiring a QSA for your Level 1 needs, visit the official PCI DSS Resource Guide.

Lastly, MasterCard has now strengthened its requirements so that Level 2 merchants must also undergo an on-site PCI DSS assessment.

Mar 26 2009   1:11AM GMT

PCI DSS | Payment Card Industry Compliance | Tips on Preparing for a PCI DSS Assessment



Posted by: Charles Denyer
merchant, service provider, PCI DSS, pci qsa, charles denyer, pci policies and procedures, firewalls, routers, switches

Are you a merchant or service provider that has to comply with the Payment Card Industry Data Security Standard v1.2, commonly known as PCI DSS? If so, take a page out of a QSA's playbook to help you prepare for a PCI DSS assessment. We QSAs often talk about and spend much of our time on IT security and network issues, such as firewalls, routers, switches, and other hardware, devices, and technology utilities, so let me bring your attention to an area that is often overlooked: policies and procedures.

That's right. At the heart of any successful PCI DSS assessment is the development of policies and procedures that are detailed, current, relevant, and an accurate representation of your organization's control environment. How important are they? Important enough that an entire section of the PCI DSS requirements, "Maintain an Information Security Policy," is dedicated to policies and procedures. What's more, sprinkled throughout the other sections of the PCI DSS requirements are further calls for documented policies and procedures. It is therefore paramount that you tackle this arduous and time-consuming task as soon as possible. If you don't have a good policy and procedure writer on board, contract the work out to a PCI QSA firm with experience in developing policies and procedures for organizations like yours.