If your organization has to comply with the Payment Card Industry Data Security Standards (PCI DSS), you’ll want to visit the new Dell SecureWorks PCI Compliance Resource Center. Dell SecureWorks has assembled a collection of tools and information to help you understand the PCI DSS requirements, and how we can help you address them with our information security services.
The resource center features links to whitepapers, frequently asked questions, videos, and other content designed to help demystify PCI compliance. You can even take a short quiz to test your PCI compliance aptitude. You’ll also find links to recent and upcoming Webcasts such as “Tuning Your PCI Program for Maximum Performance,” “Understanding the PCI Compliance Risk Ranking and Scanning Requirements,” and “Putting Out PCI Fires: How Next Gen Firewalls Can Help Your Compliance and Security Program,” featuring PCI experts from Dell SecureWorks, Qualys, and Dell SonicWALL.
PCI DSS compliance requires any organization that transmits, processes, or stores data that contains payment card information to protect the privacy and confidentiality of that data. In addition to retailers, the PCI standards affect financial institutions, healthcare providers, transportation service providers, the food and hospitality industry, and payment service providers, among millions of other organizations. The fines and penalties for non-compliance can be steep and can even lead to payment card privileges being revoked.
However, PCI compliance can be difficult to achieve and even harder to maintain, even for larger merchants. According to the most recent statistics from Visa, approximately 97 percent of Level 1 merchants -- organizations with greater than 6 million transactions per year -- and 93 percent of Level 2 merchants have demonstrated PCI compliance within the past year. However, many of these organizations are still at risk for a data breach, as the PCI compliance standards are no substitute for a strong information security program.
In addition to meeting the requirements of PCI DSS, merchants and service providers must also validate their compliance each year, as well as submit a passing vulnerability scan performed by an ASV. Merchants must also undergo an annual onsite audit performed by a QSA or complete a Self-Assessment Questionnaire (SAQ), depending on their merchant level. If a Level 2 to 4 merchant suffers a breach that results in a data compromise, it may be escalated to a Level 1 validation level. As an Approved Scanning Vendor (ASV) and Qualified Security Assessor (QSA), Dell SecureWorks has helped hundreds of enterprise companies meet and maintain the PCI compliance requirements while improving their overall security program.
If your organization is dealing with PCI compliance, what are your biggest challenges or achievements? What information would you like to see included in future updates to the PCI Compliance Resource Center?