A Publication of WTVP

The journey to PCI DSS compliance begins one swipe at a time.

Data security issues seem to be in the news every day recently. Credit card data breaches grab the headlines as companies are targeted by malicious individuals or organizations. Payment Card Industry Data Security Standards (PCI DSS) compliance is complex, and the journey to reach it can be confusing, with both merchants and service providers wondering how to begin.

Where to Start
Experience has shown there are some clear, focused steps you can take to begin your journey to PCI DSS compliance. Yes, a journey. PCI DSS compliance is not a checklist to be completed, but a set of security processes and practices that should become part of your company’s security framework and day-to-day operations.

Successful PCI Compliance
Successful compliance is based on the following core tenets:

Get Help If You Need It
Understanding the lengthy PCI DSS compliance requirements is a daunting task at best. It can be a huge benefit to have a friendly “translator” on this journey who understands the language of the standard and can guide you through the process. Visit pcisecuritystandards.org to look for Qualified Security Assessor (QSA) companies, which have been qualified by the PCI Security Council to have their employees validate an entity’s adherence to the PCI DSS. QSAs know the standard and can assist in determining how your organization stacks up, as well as how to close any gaps.

Yes, the move to PCI DSS compliance will be a journey, but you can get there, one swipe at a time. iBi

Jody Speer, ITIL V3F, CRISC, CISA, PCI-QSA is engagement director of information security at CliftonLarsonAllen LLP. She can be reached at [email protected] or (612) 376-4696.
