The Three Essential Elements of Authentic PCI Compliance

March 27, 2017

How many of your merchants are just checking the boxes?

Checkbox compliance is nothing new in the payments industry. In fact, Google “checkbox compliance” and you quickly see that thousands of posts have been written about it.

These posts describe the exercise of racing to put minimum controls in place just long enough to justify checking off requirements of an applicable compliance framework. Often, in the case of PCI self-assessments, the process is abbreviated even further, to the point where merchants check boxes in the affirmative without even understanding what’s being asked of them.

Equip your merchants for authentic PCI compliance.

Reports on cybercrime and data breaches continue to swell in the mainstream media, and thankfully, small and mid-sized businesses are taking notice. At ControlScan, we’ve seen an increasing move toward putting the right policies, processes and technologies in place, and maintaining them continuously.

ControlScan describes this as the pursuit of “authentic compliance”: An ongoing state of security awareness, demonstrated by a merchant who understands and continuously employs the fundamental technologies and processes required to protect sensitive data, such as that collected from payment cards.

To enable and accelerate this move toward authentic PCI compliance, your PCI program must equip merchants with the necessary critical resources. Access to the following is most important:

  1. Education: On-demand training and instructional content that is clear, consumable and accessible.
  2. Tools: Productized services that are tailored to the context and circumstances of the merchant’s business, as well as access to security services that address the more complex PCI requirements, which are beyond the reach of most merchants’ staffing and expertise levels.
  3. Support: Trained experts on hand to explain the meaning of various PCI DSS requirements, to decipher the findings of PCI vulnerability scans and to explain how to address them.

While most would agree that being compliant doesn’t necessarily mean you’re secure, driving toward authentic compliance is a very necessary first step up the security maturity curve.

What’s in it for you?

PCI programs that enable the merchant journey to authentic PCI compliance—and beyond to a stronger security posture—make a quantum leap over checkbox approaches. Taking this route, your business realizes greater value from reduced risk, expanded customer interaction and stronger overall merchant relationships.