What is the process for getting a site certified as PCI-compliant?


See graphs for all steps here: http://www.dynamicnet.net/2012/04/pci_complance_process/

1. Determine your merchant level.
2. Determine your validation type.
3. Complete and report an attestation of compliance and self-assessment questionnaire (SAQ) annually.
4. Complete and report the results of all external vulnerability assessment scans performed by an approved scan vendor (ASV) quarterly. All public-facing IP addresses used to process, view, or handle credit card data require scans.
5. Create and update an information security policy annually.

Use a PCI scanning tool that provides a report on the level of compliance. Any failures must be addressed and resolved before a rescan takes place.
