PCI Compliance - How Difficult Is It Really?
February 4, 2008
PCI compliance has taken some time to implement but is now an adopted standard. What I am curious to know is how many small business owners have looked at the self assessment questionnaire and thought “How on earth am I going to do this?”
I have a fairly technical background. I’m not a unix systems admin, but I can make my way around a server, and can program in several languages. I suppose what I’m saying is that I’m not a total newbie. I even thought I was pretty good at that sort of thing.
I decided to go through the PCI compliance checklist just to put myself to the test. About 3 minutes into the self assessment questionnaire I realized I was in trouble. There are questions about firewall security, demilitarized zones, IP spoofing, and so on. These are exceptionally detailed, specific network security questions.
I have access to good IT support that I can rely on, including for PCI compliance issues. I realized, however, that many small merchants do not have those resources at their fingertips. What I was left wondering was: how many small merchants have been through the PCI compliance process and found it difficult?
After going through this process myself and seeing how difficult it was, I decided to partner with COMODO to provide PCI security scanning to our clients. COMODO provides a very high level of support and bundles in daily security scanning in addition to the quarterly PCI scan. The service is targeted towards smaller merchants. It’s quite a good value.
After I realized how hard the questionnaire was, it just didn’t seem right to send our clients out to find their own PCI scanning vendor. We now have a great solution to help our merchants achieve and maintain PCI compliance.
I would like to hear feedback from our clients and also from others - what was your experience like when becoming PCI compliant?