To address some of the most common questions we receive about PCI assessments, we sat down with Lee Pierce, a PCI assessment expert with over 15 years in the industry.
After nearly two decades in the data security industry, we’ve gained some valuable insights—particularly when it comes to complying with the Payment Card Industry Data Security Standard (PCI DSS). To address some of the most common questions we receive about PCI assessments, we sat down with Lee Pierce, a PCI assessment expert with over 15 years in the industry.
Preparing for a PCI Assessment is no small task. The biggest challenge is that most businesses don’t have the staff available to focus their efforts on a PCI assessment. You may need to hire new staff or outsource some additional help.
Watch this video for more tips on how to prepare for your PCI assessment.
The cost of a PCI assessment can vary greatly. In the very low range, for a customer that outsources nearly everything that they do, the cost could be as low as 16 to 18 thousand dollars. Complex audits can cost tens of thousands of dollars, if not hundreds of thousands of dollars, depending on the locations, the processes and how many different parties need to be interviewed.
Even a short call with a SecurityMetrics representative can give you a more accurate estimate of what a PCI audit would cost you
Watch this video to learn more about the factors that go into the cost of a PCI assessment.
When it comes to determining whether or not you can self-assess, there are primarily two types of entities: merchants and service providers. As a service provider, you can choose to self-assess as long as you’re not a level 1 service provider. As a merchant, you can self-assess if you’re doing fewer than 1 million transactions per year.
Watch this video to learn more about who can self-assess for PCI compliance.
Point-to-point encryption (P2PE) is where it's at these days. It reduces scope, reduces complexity, reduces risk, and reduces cost. When implementing P2PE at your business, you need to make sure you have a validated solution.
Watch this video to learn more about P2PE.
What do you do if the PCI DSS changes after you’ve already proven your compliance? The standard is often updated because data security is constantly evolving.
Watch this video to learn how to handle this type of situation.
What is the difference between storing tokens and storing credit card data? A lot. You have effectively removed the need for protecting stored cardholder data if you properly implement tokenization.
Watch this video to learn more.
Should you reduce your PCI Scope? The answer is definitely yes. If you don’t reduce your scope, you’re looking at a nearly impossible success rate if you have any levels of complexity in your environment.
Watch this video to learn more about how and why you should reduce your scope.
It takes time and a little research to determine exactly what falls within your PCI scope. You have to look at every single process that’s going on, and sometimes it’s easy to overlook things.
Watch this video to learn how you can determine what’s in your scope.
A PCI Audit is kind of like a final exam, so what should you be focusing on to increase your chances of passing your assessment the first time?
Watch this video to hear tips on how to maximize your readiness, and also what to do if you receive a failing report on compliance.
Sometimes people think their payment processing solution alone determines whether or not they are PCI compliant. This is not the case. There are still a few PCI requirements in play even if you’re using P2PE.
Watch this video to learn about some of the additional requirements that pertain to the “human element” of PCI.
.svg)
