Getting Help with PCI Compliance

August 5, 2010

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is required of any company accepting payment card transactions or storing payment card data. It is also rapidly becoming a de facto industry standard required of other businesses whose customers are concerned about information theft.

Launched to protect credit card information handled by merchants and e-commerce sites, PCI compliance is now showing up as a requirement in RFPs from corporations outsourcing data to SaaS/cloud computing companies.

For large transaction volumes or large data sets, an on-site audit by a certified Qualified Security Assessor (QSA) is usually required. Others can complete a Self-Assessment Questionnaire, but may need the assistance of a QSA to accurately assess their situation and close any compliance gaps.

The costs of getting it wrong can be huge if your company suffers a data breach. Costs for PR, legal, IT forensics and damage to customer relationships can dwarf the costs of creating a secure data environment and processes.

We recommend getting help from a certified QSA even if you are not required to do so. They know the detailed requirements and the alternative solutions for closing your gaps. While many security companies focus on large clients with large security budgets, boutique security firms such as Moyo Group can be of great value to midsize companies with modest budgets. Working with a QSA who also has IT architecture and operations experience will provide much more bang for your buck.

For further information or to arrange a free assessment, contact Marc Manuel at 408-550-8066, mmanuel@moyogroup.com.