Note from the Editor: This article was originally published in February 2017. It has been updated with resources current to PCI DSS version 3.2.1.
Did you know that 80% of organizations are not compliant with PCI DSS requirements? That means, if you’re reading this, there’s a pretty good chance your company needs to make adjustments to ensure a fully compliant payment processing infrastructure.
PCI DSS compliance doesn’t happen overnight, and maintaining compliance year after year can be even more difficult. In fact, only 29% of companies surveyed were in compliance a year after validation. With these statistics in mind, we’ve compiled a collection of the best PCI DSS security and compliance resources to help you become and stay compliant, even as new standards are rolled out.
1. PCI DSS Quick Reference Guide [PDF]
This PDF guide provides a comprehensive overview of PCI DSS version 3.2.1 requirements, necessary security controls and processes, instructions on how to comply with PCI DSS and a list of trusted resources. Published by the PCI Security Standards Council, it’s authoritative and comprehensive.
Why we love it:
For anyone just beginning their research on PCI DSS, this guide is a great place to start. Keep in mind, the PCI Security Standards Council typically releases a new guide when the next version of requirements is confirmed. Check their website for the most up-to-date version and further resources.
2. Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions [Book]
Voted among the Best Business and Leadership Books of 2018 on Amazon, Slava Gomzin's book is a must-have guide for anyone responsible for securing credit and debit card transactions, and offers an inside look at how these systems can be hacked. To beat the enemy, you must know the enemy.
Why we love it:
In the last few years POS hacks have become more prevalent (Orbitz, Huddle House, and EatStreet, for example). With a reader rating of 4.3 out of 5 stars, this book provides real and actionable solutions on how to achieve better security at the point of sale.
3. The Hacker Playbook 3: Practical Guide To Penetration Testing [Book]
This resource goes above and beyond PCI DSS compliance to teach security professionals how to protect against hacking through the game of penetration hacking and hands-on examples. Packed with new materials and described by readers as a “must have” “masterpiece”, this top-rated book made our list of recommended PCI DSS security resources for good reason.
Why we love it:
This step-by-step guide is top-rated, and takes a unique approach to preventative security, helping readers better understand all the ways their infrastructure could be compromised. Author Peter Kim is an information security expert and researcher, and this third edition of The Hacker Playbook expands on and updates his previous releases.
4. Validation Requirements [Infographic]
Are you a visual learner? Then this infographic is a great place to start when looking to understand PCI DSS validation requirements.
Why we love it:
The chart is straight-forward, allowing anyone to quickly understand which validation requirements their organization falls under.
5. Reduce PCI DSS Scope [SlideShare]
Most PCI DSS compliant businesses are looking to minimize the cost and effort that comes with PCI DSS compliance. Fortunately, there are a few key ways to reduce the scope of PCI DSS, and this helpful SlideShare explains them.
Why we love it:
While this SlideShare was originally released for PCI DSS version 3.1, we find that the tips and tricks for reducing PCI DSS overhead, beginning on slide 23, carry over to version 3.2.1. Reducing PCI DSS scope is a very important aspect of PCI DSS compliance, and can greatly help to reduce the costs dedicated to maintaining compliance.
6. PCI DSS Compliance Made Easy [Video]
In this 3-minute video, a small business owner explains how PCI DSS compliance affects him, his customers, and his business. He also explains the important risks of non-compliance.
Why we love it:
PCI DSS compliance applies to so many types of businesses, and the importance of these regulations can easily be missed by small business owners focusing on day-to-day operations. This video takes a personable, engaging approach to PCI DSS compliance.
Looking for more videos? Try the 5 minute "What is PCI DSS? A Brief Summary of the Standard"
7. Acquirers: How to Give Your PCI DSS Compliance Program a Tune Up [Infographic]
If you’re confident that your organization is already meeting PCI DSS compliance, this infographic is for you. Learn four ways you can give your PCI DSS compliance program a tune-up, to ensure on-going compliance in years to come.
Why we love it:
In a sea of resources on “what is PCI DSS” and the basics to becoming compliant, this infographic speaks to those organizations that have moved past that stage in their compliance.
Want more PCI DSS compliance resources? Check out our new guide on how GoAnywhere Managed File Transfer helps to make PCI DSS compliance easy.
