The Payment Card Industry Data Security Standard (PCI DSS) is well known among information security pros and solution providers alike. The requirements outlined in the standard, which include encryption and network security, are considered by the PCI DSS consortium to be a "bare minimum" description of the security technologies and practices needed to protect sensitive cardholder data.
Because the 12 requirements are quite varied and complex, PCI DSS compliance can be a daunting task for any company. Solution providers must be able to interpret the standard and assist customers in any and every aspect of the PCI DSS compliance process.
To assist with this process, we've compiled our best PCI DSS-related content into a PCI resource that keeps you up to date and better equipped to help your customers become compliant. Peruse the PCI compliance guide and become an invaluable PCI resource for your customers today!
PCI compliance overview
New to PCI DSS? Start here, with our Channel Explained feature, which offers a brief overview of the standard. Even if you just need a refresher before delving into the in-depth PCI content below, this is a great place to start.
The impact of PCI DSS compliance on the channel: This exclusive video presentation looks at PCI from a solution provider-specific perspective. Ed Moyle discusses how solution provider businesses are affected by PCI DSS, both through their customers, and through their own business dealings. He also explains one part of the PCI DSS that applies only to solution providers.
PCI compliance advice and troubleshooting
Top five PCI compliance mistakes and how to avoid them: This checklist outlines five of the most common PCI DSS compliance mistakes made by solution providers. Learn what they are so you can avoid making them when working with customers.
PCI compliance services FAQ: Once you've got the most common mistakes down, take a look at our list of PCI DSS compliance services frequently asked questions. If you've ever had to find the answers to one of these questions, rest assured that you are not alone. This resource outlines the PCI levels and explains the penalties for noncompliance -- a "must-read" for any solution provider. After reading through the questions, be sure to also listen to the podcast, which goes further into the frequently asked questions.
Advanced PCI compliance
PCI compliance: Web application firewall vs. code review: Requirement 6.6 in the PCI DSS specifies the need for Web application firewalls or code review. Customers may be overwhelmed by this particular requirement, as choosing between the two options can be tricky. Being a PCI resource to aid in this decision will prove invaluable to your customers.
PCI DSS pre-assessment services: Prelude to a QSA: An advanced service that you can offer your customers is a PCI DSS pre-assessment. Giving your customers an idea of their PCI DSS compliance posture before they hire a QSA can save them time and, more importantly, money. Learn what this type of service entails in this Patrolling the Channel podcast.