
PCI DSS Compliance
PCI can be an intimidating, if not overwhelming, process for companies small and large alike. The good news is that it doesn't have to be. Within the following pages and links, we've provided some very useful information about what PCI DSS is, to whom it applies, and what it entails.
In a nutshell, the services merchants and service providers are required to complete include:
- Vulnerability Scanning
  - Levels 1 – 4, merchant and service provider
  - Performed quarterly by an Approved Scanning Vendor (ASV)
  - Scanning active IPs on a network in search of known vulnerabilities
- Onsite PCI Audit
  - Level 1 and Level 2 merchants are required to validate through an annual PCI DSS audit
  - Level 1 and Level 2 service providers are required to validate through an annual PCI DSS audit
  - The PCI Audit must be performed annually by a Qualified Security Assessor (QSA)
  - The PCI Audit is an assessment and validation of the 12 PCI DSS controls
- Network Penetration Testing
  - Typically Level 1 and Level 2
  - Performed annually by any qualified third party
  - An external, black-box network penetration test
- Web Application/Application Code Review Assessment*
  - Performed quarterly or after any major release
  - An assessment of an application's usability, or of application code, for known vulnerabilities
* This can sometimes be replaced by attestation that an application firewall is installed and active
PCI DSS compliance obligations can vary depending on where an organization plays in the credit card transaction lifecycle, and on how many aggregate transactions it processes annually. The most common categories are as follows (click on one to learn more):



