
Myth 4: "I don't take enough credit cards..."

13 Aug 2007 | SearchSecurityChannel.com


By John Kindervag

"…to need to be compliant." I have heard this statement from many clients. It reflects a common and broad misunderstanding of the requirements. While there are various levels of credit card merchants and service providers, there is no difference in compliance requirements. The fundamental confusion is between compliance and validation. PCI requires any entity that stores, processes or transmits any credit card data to be in compliance with the PCI Data Security Standard. The amount of validation is the real differentiator.

Additionally, PCI assumes that each covered entity is always fully in compliance with PCI. I hear customers say that they must be compliant by such and such a date. That is wrong. What they need to understand is that they are assumed to be compliant right now, and there may be a date by which they have to be validated as compliant. The fundamental difference between Level 1 and Level 4 PCI requirements is only the amount of third-party validation that must be done to meet the certification process.

Any entity that takes credit cards takes enough credit cards to need to be compliant with PCI. The number of credit card transactions determines the level of validation, not compliance.


Five myths of PCI compliance

  Introduction to the myths of PCI compliance
  Myth 1: PCI is hard
  Myth 2: PCI will make us secure
  Myth 3: Encryption is scary
  Myth 4: "I don't take enough credit cards…"
  Myth 5: Product X will make me compliant

About the author
John Kindervag is a 20-year veteran of the high-technology world. He is the senior security architect for Vigilar Inc., where he helps corporations design secure networks and manages Vigilar's Vulnerability Assessment and Compliance Practice. Kindervag holds a Bachelor of Arts degree in Communications from the University of Iowa.

