Chase Palmer, CISSP, Senior Program Manager at SecurityMetrics, has shared his thoughts on PCI compliance.
As a leading provider of payment card data security, we at SecurityMetrics strive to help organisations comply with financial mandates such as the Payment Card Industry Data Security Standard (PCI DSS). Card Cutters are proud to be working with SecurityMetrics offering affordable PCI Compliance solutions to our merchants.
The PCI DSS was established in 2006 by the major card brands (Visa, MasterCard, American Express, Discover Financial Services, JCB International). All businesses that process, store, or transmit payment card data are required to implement the standard and adhere to its PCI compliance requirements.
The Cyber Security Breaches Survey series shows that nearly half of all UK businesses have identified a breach or attack in the last 12 months, and cybersecurity is an issue that affects UK businesses of all sizes and sectors. The 2017 survey shows that the number of businesses with an online presence is growing, as too is the number storing data on the cloud. Alongside this, there is an increasing prioritisation of cybersecurity, and more businesses have attempted to identify the risks they face.
We are thrilled to work with Card Cutters and to assist their merchants in achieving PCI compliance. If you are a merchant of Card Cutters, becoming PCI compliant may sound like a daunting task, but here are four steps that you can follow to reach PCI compliance:
Step 1 – Identify Your PCI Scope
To discover your own PCI scope and what must be included in your PCI compliance, you need to identify anything in your organisation that touches cardholder data. Ask yourself, “What devices do we use to store, process, or transmit cardholder data?” We have a tool and agents that help you in this process and make identifying your scope a simple task.
Step 2 – Complete an SAQ
All merchants are required to complete a Self-Assessment Questionnaire (SAQ) for PCI compliance. Your specific questionnaire is determined based on how you handle payment card data (your PCI scope). Our agents are always standing by ready to assist you with any questions you may have about your SAQ.
Step 3 – Achieve a Passing Scan
Merchants that process, store or transmit cardholder data online are required to have external network vulnerability scans performed by an Approved Scanning Vendor (ASV) on their network or domain. Scans should be conducted quarterly and discovered vulnerabilities should be patched immediately. As an ASV, SecurityMetrics is qualified to conduct these scans, provide you with detailed reports on your results, and remedy any issues that are found.
Step 4 – Report Your Compliance
Once PCI compliant, merchants are required to report their compliance to Card Cutters. Don’t worry if you feel unsure of how to validate your compliance because SecurityMetrics will do this for you as part of our service.
By following these four steps you can reach PCI compliance for your organisation, and more importantly, you will be creating a secure environment for your customers’ data. SecurityMetrics makes PCI compliance a simple task for any organisation with 24/7 US-based support at your disposal.