Comparison of PCI Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS)

The Payment Card Industry (PCI) Data Security Standard (DSS) defines measures that should help protect customers' credit card data from theft. However, compliance with the standard can be expensive for companies.

PCI DSS compliance scope depends upon two things:

  1. Do you gather credit card data? If so, then the short questionnaire should be addressed by independent audit.
  2. Do you store credit card data? If so, then the full questionnaire should be addressed by independent audit.

If you do neither, then you can use the self-assessment and state that you neither gather nor store credit card data.

Strategy to minimize PCI compliance cost

According to Gartner, your strategy should be to minimize the systems and processes in your company that are within the scope of a PCI DSS audit, possibly even to the point that you can just use the self-assessment to state you neither gather nor store credit card data.

I have prepared this comparison of PCI compliance alternatives to help companies find the least expensive way to comply with PCI DSS.