Regulatory Compliance, Governance and Security

Apr 30 2009   1:46PM GMT

PCI DSS Compliance | Getting Started on PCI DSS Compliance for Merchants



PCI DSS compliance is having a profound impact on businesses today. In short, the Payment Card Industry Data Security Standards (PCI DSS) is mandatory for any business involved in the processing, storage, or transmission of transaction data or cardholder data. As a result, this compliance requirement “should” be affecting millions of U.S. businesses. I say “should” because the lack of enforcement is resulting in a large number of organizations not complying with the PCI DSS standards. That could change as merchant processors and payment gateways are forced to have all their merchants comply with the standards. As a PCI-QSA assessor who conducts PCI DSS assessments, I’m starting to field many calls from merchants who have been contacted by their third-party payment processor telling them they need to be PCI compliant.

I honestly think most merchants want to and will comply with PCI, but the “who, what, where, and why” of PCI DSS compliance can be quite vague at times. So, to be fair to merchants, some education is needed on this topic.

Thus, first and foremost, you will need to identify your transaction volume, that is, the number of payment card transactions you undertake on a yearly basis. This will help you identify what “level” of compliance you fall into. This handy reference guide for transaction volume will help you with this.

Once you’ve identified what “level” of compliance you fall into, you can then contact a PCI DSS specialist to assist with your compliance matters.
