Mar 15, 2009

PCI Compliance

Posted by: princess
I don't know if it's just that time of the year when retailers large and small are gearing up for Black Friday, or if it is something else, but <a href="http://www.hostingbay.com.au/newsite/html/pci_compliance.html">PCI compliance</a> is on the minds of many and I felt compelled to blog about the discussions I've had with several organizations from School Districts to large privately held Level 1 companies lately, and why identity is at the center of it all.

Oh, and I'll also fill you in on a way for PCI Level 3 organizations to implement a solution for $100,000, which is the proposed amount of a fine if you are found non-compliant.

Identity is at the center of PCI because it requires organizations to restrict access to customers' identity information to identified and authorized employees.

The conversations I have had the past few weeks have been interesting. It turns out that one Level 3 organization I spoke to has been trying for 2 years to come up with something that will get them compliant. Not because they wanted to, but because their bank wanted them to prove <a href="http://www.hostingbay.com.au/newsite/html/pci_compliance.html">PCI compliance</a>. Interesting that banks are moving risk back to the customers, at least the little ones.

The other conversation I had was with a diversified company in the Midwest that stores and uses a ton of information related to PCI, and their customers were the ones asking for proof that they were PCI compliant, or at least had protections in place at the same level or better than what the customer had. It was interesting because it seemed to me that their customer was trying to assess and mitigate risk and enforce policy and standards inside and outside their 4 walls, which is a HUGE issue for companies today, <a href="http://www.hostingbay.com.au/newsite/html/pci_compliance.html">PCI compliance</a> or not.
 

PCI compliance

Posted by: princess
PCI compliance may be daunting and frustrating to many organizations, but it shouldn't be. With the launch of NDB Advisory's PCI forum, you'll get timely and informative responses to any questions you have regarding PCI compliance. NDB Advisory is a Qualified Security Assessor Company (QSAC) for PCI compliance.

Dallas, Texas (PRWEB) February 5, 2009 -- Payment Card Industry Data Security Standards compliance, commonly known as PCI DSS to many, is fast becoming a mandatory requirement for many merchants, service providers, and other third party processors and providers that are directly involved in the processing, storage, or transmission of transaction data or cardholder data. The who, what, when, where, and why of PCI compliance can be daunting at times, as a vast amount of information must be read, comprehended and distilled for truly understanding the dynamics of Payment Card Industry Data Security Standards PCI compliance.

Many entities being mandated to become PCI DSS compliant are frustrated by the lack of transparency in truly understanding what compliance entails. Questions abound, such as the following: Do I need to be PCI compliant from a Qualified Security Assessor (QSA)? Can I self-assess for PCI compliance, and if so, how does one go about doing this? Do I need penetration tests and scanning done on my network? These are just a small sample of questions we field every week from companies desperately trying to understand the complexities of PCI compliance.

NDB Advisory, a Qualified Security Assessor Company (QSAC), specializes in helping organizations meet the rigorous requirements of PCI compliance, and as such, we've built a handy, easy and simple to use forum on PCI compliance where you can post any question you want, resulting in a timely response from one of the industry's leading QSA auditors, Mr. Charles Denyer.

To learn more about Payment Card Industry Data Security Standards PCI compliance, visit pciassessment.org and start posting your questions. We'll get right back to you with the answer you need.
 

 
