Ask yourself three questions:
- Can you demonstrate that all cashiers have completed PCI security awareness training upon hire and at least annually?
- Can you demonstrate that each employee has read and signed your company PCI security policy and procedures?
- Can you demonstrate that all remote access users use secure two-factor authentication?
If you cannot answer yes to all three questions, then you are not PCI compliant.
Answering these three questions is typically enough to determine that PCI compliance has not been achieved. However, becoming PCI compliant requires much more than answering these three questions. The full PCI Data Security Standard comprises six broad goals with 12 requirements and dozens of sub-requirements.
PCI DSS Goals
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Our approach to PCI compliance support:
Given the sheer volume and technical complexity of PCI DSS, becoming PCI compliant is beyond the reach of most Level 4 merchants. They are focused on running their business and do not have the time, expertise and resources to implement the required measures. This business challenge is at the heart of our approach to PCI compliance. We are committed to ensuring that you use our powerful tools and technology to become compliant. We roll up our sleeves and work with merchants, step by step, until they become PCI compliant. Corporate franchisors work with NuArx to develop customized programs for their franchise locations. NuArx measures and reports on compliance levels across the brand.