Regulatory Compliance, Governance and Security

Oct 27 2008   8:51PM GMT

PCI DSS Compliance in Today’s Heightened Security World



PCI DSS stands for Payment Card Industry Data Security Standard. If you are a merchant or service provider who is directly involved in the processing, storage, or transmission of transaction data or cardholder data, then you should consider yourself a candidate for PCI DSS compliance.

As with any compliance mandate, the costs can be high, going through the assessment can be time consuming, and it is something that has to be conducted annually.

The very first thing organizations should do to prepare for PCI DSS compliance is to make sure their organization has documented policies and procedures in place. And why? Because a large part of the success of obtaining PCI DSS compliance is dependent on having these very documented policies and procedures in place. Don’t believe me? Well, take a look at the PCI DSS standards for yourself and read between the lines and you will quickly find that this is an absolute necessity.

If you do not have them, or do not have the time and skills to write them, then I highly recommend you hire a consulting firm that is an expert at writing policies and procedures for PCI DSS.

Time and time again, this is one of the biggest weaknesses I have seen in merchants, service providers and any other organization looking to become PCI DSS compliant.
