You Can Survive a PCI-DSS Assessment

A QSA Primer on Best Practices for Overcoming Challenges and Achieving Compliance

Merchants and processors who accept or process credit or debit card transactions are under increasing scrutiny to ensure cardholder data is securely handled and stored. Visa recently announced a new Compliance Acceleration Plan that requires level one and two merchants and their acquirers to comply with the PCI Data Security Standard by the end of the year. Those failing to do so are likely to face substantial fines. Visa doled out over $4.6 million in fines in 2006.

This whitepaper will cover the process and assessment objectives of the PCI assessment, scope of systems that will be assessed as part of the audit, and how to implement automated solutions to strengthen security controls and reduce the cost of complying with PCI. There will be in-depth discussions and analysis of PCI-defined system components, including servers, firewalls, and wireless networks. Along the way, you'll learn what to do (and not do) as they share from "real world" audit experiences and best practices.

You'll learn:

• The requirements of the PCI Data Security Standard
• The scope of a PCI audit for critical system components
• PCI audit objectives and the controls you need in place to meet them
• How automated tools can improve reporting accuracy, reduce costs, and provide information sooner