The E3 Blog

PCI Compliance As A Moment In Time

| Thursday, September 16th, 2010

Your processor is requiring that you validate compliance with the Payment Card Industry Data Security Standard (PCI DSS). You’ve reviewed the requirements on the PCI DSS website and installed a firewall, published security policies and expectations for your employees, physically secured hard copy files with sensitive data, destroyed all records that are no longer needed, ensured default passwords are not in use, installed an anti-virus program and truncated receipts.

You’ve shopped around, found a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) and paid the required fee. You logged into their website and signed up for the program that best fits your business [Self Assessment Questionnaire (SAQ) only or SAQ and quarterly vulnerability scans]. You completed the SAQ and scheduled the scans to run after your business hours on the first Tuesday of every quarter. You have the PCI validation form the QSA provided you, and you are now PCI DSS-compliant!

After all of that, you may think, “Whew, that’s over and done with! I can get back to the day-to-day operation of my business and taking care of my customers. I don’t have to worry about compliance or security until next year when my updated SAQ is due.”

That’s not even close to reality!

PCI DSS: It’s Just the Beginning

| Wednesday, August 4th, 2010

Payment Card Industry Data Security Standard (PCI DSS) compliance is just the beginning of creating a strong data security environment. The PCI DSS introduces the various facets of security and provides merchants with an overview of the security elements they have in place, those they need to tweak and those that must be added to provide the security needed to protect cardholder data and their businesses. Becoming PCI DSS-compliant is accomplished with two tools: the Self-Assessment Questionnaire (SAQ) and the vulnerability scans for merchants who use internet connectivity in their businesses. 

PCI Vigilance Required

| Monday, August 2nd, 2010

PCI compliance is an ongoing procedure – and merchants must be vigilant in achieving and maintaining compliance. Learn tips on this – as well as how Heartland’s E3 solution safeguards sensitive information in the event of a compromise – in this article from the August issue of STORES magazine, the official publication of the National Retail Federation.

 