How do I become PCI Compliant?
Any company that accepts, processes, or stores credit card information needs to comply with the standards set by the Payment Card Industry.
How long does it take to become compliant?
The process of becoming PCI compliant can take anywhere from one day to two weeks. How long it takes depends on the vulnerabilities the PCI scan discovers and on the time needed to complete the Self-Assessment Questionnaire.
What do I need to do?
To become PCI Compliant, you will need to have your server scanned for vulnerabilities. These scans are called Vulnerability Assessment Scans. The scan must be performed by a Payment Card Industry Approved Scanning Vendor (ASV). Several companies offer this service, though each one differs.
Once you initiate a scan against your server, you will receive a Vulnerability Report detailing any vulnerabilities found and their possible solutions. The report will differ depending on which ASV you choose. Each reported vulnerability will need to be addressed appropriately. Depending on the type of vulnerability, the fix could be as simple as installing an application patch or blocking a port in a firewall.
Once the scan is complete and you have resolved all outstanding vulnerabilities, you will need to report your compliance. Both the passing PCI Scan and the Annual Self-Assessment Questionnaire should be turned in to your merchant bank. Your merchant bank will then report back to the Payment Card Industry that your company is PCI Compliant.
