
PCI-DSS

PCI-DSS (Payment Card Industry Data Security Standards)

PCI stands for Payment Card Industry. Years back, Visa, Mastercard, Discover, and American Express came together and formed an organization called the PCI Council. This council was made up of some of the best experts around the world. They created the PCI-DSS (Payment Card Industry Data Security Standards).
In a nutshell, any business that is processing credit cards is held to PCI Compliance. This is to ensure that customer credit cards are protected.

Today there are four levels of PCI “merchants”. They are as follows:

Level 1 – Businesses processing over 6 million cards
Level 2 – Businesses processing 1 to 6 million cards
Level 3 – Businesses processing 20,000 to 1 million cards
Level 4 – Businesses processing under 20,000 cards

ALL of these levels have to be PCI compliant. Compliance means that they are meeting all of the hundreds of controls that they are required to meet. All of the compliance requirements are in the PCI DSS v4.0, which you can download at the PCI Council’s website.

What does it take to become a successful PCI Auditor?

If you look at the requirements that have to be met, there are hundreds of them. You do not have to be super hands-on technical to understand these. However, many businesses and organizations need someone who can speak knowledgeably about these requirements and guide them towards compliance.

There are two paths you can follow to become a PCI Auditor:

1. You can learn as much about these controls, know them inside and out, and work for an organization that needs knowledge to help them work toward compliance. No certification is needed for this.

2. After gaining PCI knowledge and experience, you can take the QSA route. A QSA is a Qualified Security Assessor who is certified by the PCI Council and is able to deliver a RoC (Report on Compliance). All level 1 merchants, because of the amount of card data, are required to have a QSA sign off on a RoC each year.

In order to be a QSA, you must work for a QSA company, of which, to date, there are only 385. QSAs are also still rare and very hard to come by. Anyone who has good communication skills, is organized, and becomes an SME (Subject Matter Expert) in PCI can have an extremely successful career.

 

 
