PCI compliance UK: The future of European merchant PCI compliance

This PCI DSS UK compliance guide offers advice on how to achieve merchant PCI compliance with expert advice and real-world case studies.

PCI DSS: Who knew a six-letter acronym could strike fear into the hearts of information security professionals the world over?

The requirements for compliance with the Payment Card Industry Data Security Standard are many and varied -- and sometimes confusing, particularly when different QSAs hand out conflicting advice.

This PCI DSS UK compliance guide looks at the future of European merchant PCI compliance as well as some of the most central aspects of PCI DSS compliance, from working with auditors and card brands to understanding complex technical requirements, such as those for call centre recordings and POS terminals. Real-world case studies and compliance experts offer practical advice that can help move your PCI DSS compliance program from theoretical to fully implemented.

PCI compliance guidelines overview: Getting started
It's no secret that PCI compliance can be a daunting task, but trying to approach it without a detailed strategy will make it nearly impossible. In this overview of PCI merchant compliance guidelines, expert Jan Fry, head of PCI services at pen-testing consultancy Procheckup, details how to avoid beginner's mistakes that could set your compliance program off on the wrong foot.

PCI QSA assessment quality: Dealing with conflicting advice
Achieving compliance can be difficult enough without the results of one PCI QSA assessment conflicting with another. Fortunately, the PCI SSC has recently taken steps to overcome this difficulty by offering an internal PCI auditor certification that will allow members of individual organisations to become trained in the PCI assessment process. This certification aims to ensure the advice your organisation receives is consistent and understandable. Also, with the appointment of PCI DSS EU Regional Director Jeremy King, hopes are high that greater clarity regarding mandates and uniformity of assessments will soon come about.

PCI call-recording regulations made easier
There's been much upheaval of late concerning the PCI call-recording requirements, including what information call centre workers should be allowed to hear, and what they shouldn't. Expert Mathieu Gorge provides advice on how to approach the call-recording regulations with both greater security and compliance in mind.

PCI-compliant POS terminals and PIN security requirements
As attackers have targeted point-of-sale devices as areas of general weakness, security of POS terminals has become of utmost importance. And while PCI PIN security requirements may seem daunting, they're nothing compared with the potential horrors of breached cardholder data (CHD). Some merchants have found success with PCI-compliant POS terminals that allow for immediate encryption and tokenised transportation of CHD to a data centre (the tokenisation has also allowed online retailer Debenhams Retail Plc. to remove its data centre from PCI scope -- another cost-saving perk).
