Maintaining Targeted Risk Analysis (TRAs) for PCI DSS Compliance
by Kelly O’Brien on May 19, 2026 at 10:50 AM
Every organization that processes, stores, or transmits cardholder data is required to protect it. That much is well understood. What is less understood, and where many organizations quietly fall short, is how they justify specific risk-based decisions inside their compliance program. …
PCI Compliance for Small Business: A QSA's Field Guide to PCI DSS
by Derek Boczenowski on May 14, 2026 at 3:32 PM
If you run a small business that accepts credit cards, the words "PCI compliance" probably land somewhere between mildly stressful and outright intimidating. I get it. I have spent years walking small merchants through the Payment Card Industry Data Security Standard (PCI DSS), and th …
PCI DSS Penetration Testing: A Practical Compliance Guide
by Derek Boczenowski on April 30, 2026 at 3:23 PM
Here is a conversation we have more often than we would like to admit. We are on a call with an organization that processes payment cards, and we ask how they are tracking against PCI DSS. The response comes back fast and confident: "Oh, we are good. We have an ASV doing our quarterly …
7 Proven Ways to Reduce Your PCI DSS Compliance Scope
by Kyle Daun on April 2, 2025 at 1:30 PM
For businesses handling payment card transactions, achieving and maintaining PCI DSS (Payment Card Industry Data Security Standard) compliance is essential. However, the journey to compliance can often be expensive and complex. One of the most effective ways to reduce both the financi …
New PCI Requirements Released for SAQ A Merchant Validation
by Kyle Daun on February 3, 2025 at 11:49 AM
The PCI Security Standards Council (PCI SSC) recently introduced significant updates for merchants validating their compliance using Self-Assessment Questionnaire A (SAQ A). These updates, part of PCI DSS v4.0.1, reflect industry feedback and evolving security concerns, particularly t …
PCI DSS 4.0 Password Requirements: A Guide to Compliance
by Derek Boczenowski on November 20, 2024 at 2:16 PM
As cyber threats evolve, ensuring the security of sensitive payment card data has become increasingly crucial for businesses across all industries. The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a framework for safeguarding payment card data, incl …




