Common PCI DSS Misconceptions

It’s not a matter of if, but when your organization will have to comply with the Payment Card Industry’s Data Security Standard (PCI DSS). We often hear these common PCI misconceptions:

  • “I process a low number of credit card transactions, so I don’t have to be compliant with all rules.”
  • “I don’t store credit card information, so I don’t have to be compliant.”
  • “I’m ISO/SOX/SOC/HIPAA compliant, so I must be PCI DSS compliant.”
  • “I passed a vulnerability scan, so I’m secure and compliant.”

Even if you use a third party to process your transactions, your company must still comply: outsourcing can reduce the scope of your assessment, but it does not remove your responsibility for protecting cardholder data. If you don’t have the internal PCI expertise to perform a complete assessment, you need someone who can help you determine where your PCI gaps are and tell you what you need to do to fix them.

Our Experience

Navigating complex compliance requirements can be a daunting prospect for many businesses. Given the extensive requirements of the PCI DSS, businesses of all sizes find themselves affected by these data security requirements.

Whether your business needs a Report on Compliance (ROC), PCI 3.2.1 gap analysis, or guidance on a PCI Self-Assessment Questionnaire (SAQ), Wolf offers the resources and experience to assist you through the process.

Our Approach

Wolf & Company is certified as a Qualified Security Assessor (QSA). As a QSA, Wolf & Company’s consultants are here to efficiently review the hundreds of required controls, the different levels of compliance testing and certification, and the various questionnaires and reports that apply to your business. We have been qualified by the PCI Security Standards Council to have our consultants assess your compliance with the PCI DSS.