Compass IT Compliance Blog / PCI Compliance

How to Define Your Cardholder Data Environment (CDE) Under PCI DSS

How to Define Your Cardholder Data Environment (CDE) Under PCI DSS

Before an organization can implement Payment Card Industry Data Security Standard (PCI DSS) controls, it must answer a foundational question: what is in scope? The answer lies in the definition of the Cardholder Data Environment (CDE). Get it wrong, and everything built on top of it i …

Read Story

When to Hire a PCI Compliance Consultant (and What They Actually Do)

When to Hire a PCI Compliance Consultant (and What They Actually Do)

If your business stores, processes, or transmits cardholder data, PCI DSS compliance isn't optional. But knowing that you need to comply is a very different thing from knowing how to actually get there. Somewhere between your first self-assessment questionnaire and your first failed s …

Read Story

PCI DSS Compensating Controls: When & How to Use Them

PCI DSS Compensating Controls - When and How to Use Them

Every organization that stores, processes, or transmits payment card data eventually runs into the same wall. The Payment Card Industry Data Security Standard (PCI DSS) sets a clear bar, but a legacy system, a vendor limitation, or a business reality can make a specific requirement im …

Read Story

Maintaining Targeted Risk Analysis (TRAs) for PCI DSS Compliance

Maintaining Targeted Risk Analysis (TRAs) for PCI DSS Compliance

Every organization that processes, stores, or transmits cardholder data is required to protect it. That much is well understood. What is less understood, and where many organizations quietly fall short, is how they justify specific risk-based decisions inside their compliance program. …

Read Story

PCI Compliance for Small Business: A QSA's Field Guide to PCI DSS

PCI Compliance for Small Business: A QSA's Field Guide to PCI DSS

If you run a small business that accepts credit cards, the words "PCI compliance" probably land somewhere between mildly stressful and outright intimidating. I get it. I have spent years walking small merchants through the Payment Card Industry Data Security Standard (PCI DSS), and th …

Read Story

PCI DSS Penetration Testing: A Practical Compliance Guide

PCI DSS Penetration Testing A Practical Compliance Guide

Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …

Read Story

Subscribe by email