PCI compliance

How to Become PCI Compliant

Target, Sony, Home Depot—you’ve witnessed how impactful data security breaches can be to an organization and its customers. But did you know you could pay $100,000 or more a month for not being PCI compliant and that 69 percent of consumers are less inclined to do business with a breached organization?

What you might be unsure of is exactly how to become PCI compliant and better protect your customers' private data (and your bottom line) from a data breach. But there's no need to stress about meeting PCI compliance! Just follow these four steps to strengthen your payment security:

1. Discover Your PCI Compliance Level

The first thing you need to do is figure out which compliance level you fall under. To do this, count how many transactions your business processes with each major credit card brand (Visa, MasterCard, American Express, Discover and JCB).

2. Take the PCI DSS Self-Assessment Questionnaire

Next, you'll take the PCI DSS Self-Assessment Questionnaire (SAQ), where you'll answer "yes" or "no" to a series of questions based on the PCI requirements. After completing the SAQ, you'll know which pieces of your payment security are missing.

3. Fill Out a Formal Attestation of Compliance

After you've made the changes needed to strengthen your payment security, you'll need to fill out a formal Attestation of Compliance (AOC). The purpose of the AOC is to formally declare that your business is PCI compliant. Once this step is completed, you can have a Qualified Security Assessor review your findings and create a report on your compliance.

4. File Your Documents

You've made it to the final step! Submit your completed SAQ and AOC to your bank and to the payment brands. Yes, this can be tedious, but it's the simplest part of the process.

Once you’ve completed these steps, an external Qualified Security Assessor (QSA) will perform a PCI compliance audit.

We know that becoming PCI compliant without the necessary expertise can be time-consuming, confusing and complicated. That's why we offer our clients PCI compliance solutions that make protecting their reputation and their clients' private data a breeze. Contact us today, and we'll help you become part of the 20% of businesses that are fully compliant with the standard.