Case Study Of PCI DSS Compliance

PCI DSS Compliance and How to Become PCI DSS Compliant.

What is PCI Compliance?
PCI compliance is officially known as the Payment Card Industry Data Security Standard (PCI DSS). It’s a proprietary information security standard for all organizations that store, process or transmit cardholder data from branded credit cards of the major card schemes, including Visa, MasterCard, American Express and Discover.
It’s a universal security standard that was first set up in December 2004, when the credit card companies came together to form the Payment Card Industry Security Standards Council (PCI SSC), the organization behind PCI DSS. The most current PCI DSS (version 3.2) came out in April 2016.
Before the formal security standard was established, the different credit card companies had their own set of rules and
An Approved Scanning Vendor (ASV) is an organization with a set of security services and tools (ASV scan solutions) that conducts external vulnerability scanning services to validate adherence to the external scanning requirements.
As for whether you need one, it depends.
If you’re completing SAQ A-EP, you need it; it’s one of the questions in the form. For SAQ A (with its AOC A), on the other hand, the form does not necessarily require you to have scans performed by an approved ASV.
So, from the point of view of SAQ/AOC A, an ASV scan is not needed. At the same time, some acquirers (payment providers) have it as one of the requirements to use their services. Again, it’s important to check with your providers directly, even if you are applying for SAQ A. A vendor’s ASV scan solution is tested and approved by the PCI SSC before the vendor is added to the list of ASVs.

Compliance Process Summary
1. Determine your compliance level with your bank and the different credit card companies. Remember, each has its own slightly different rules.
2. Complete the relevant Self-Assessment Questionnaire according to its instructions.
3. Complete the relevant Attestation of Compliance form (contained in your SAQ