PCI DSS: The Good, The Bad and The Ugly
If your business protects, processes, stores or transmits payment card data, you’re probably familiar with the PCI data security standards: twelve broad requirements and 220 security controls intended to reduce theft and misuse of cardholder data.
Maintaining compliance is not for beginners. Merchants often misinterpret PCI compliance guidelines and mistakenly believe they have met their obligation. The only way to be confident your organization can pass a PCI audit is to have a PCI auditor assess your readiness.
ITPG Secure Compliance is a PCI Qualified Security Assessor (QSA)
It can be hard to know where to start with PCI DSS. Our QSAs look for the most common and serious security gaps that will trip you up on a PCI audit. These are the same gaps that leave your organization vulnerable to an attack.
Our QSAs have demystified the PCI process for hundreds of companies, and are now preparing clients for the changes ahead in PCI DSS v3.2.
New Requirements in 2018
Our v3.2 Readiness Package is a hands-on remediation plan to augment your PCI compliance program, covering each incremental change. Among them:
- New multi-factor authentication requirement for access to the cardholder data environment
- New appendix for Designated Entities Validation (DESV) for service providers
- New 3.3 requirement for masking primary account numbers
- New requirements for monitoring critical security control systems
- More frequent penetration testing for service providers
- New requirement for service providers to have a compliance program
- New requirement for quarterly policy and procedure (P&P) compliance reporting
See our webinar on PCI DSS 3.2: The Clock is Ticking!
PCI DSS v3.2 Goals
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
“ITPG’s approach for achieving PCI DSS compliance for our electronic payment process was the best I have experienced. Their strategy for finding the path of least resistance allowed us to meet PCI-related business goals and objectives, and their ability to provide strategic solutions and tactical gap remediation was exactly what we needed.”
— PCI DSS Client