{"id":2251,"date":"2013-01-31T00:00:00","date_gmt":"2013-01-31T00:00:00","guid":{"rendered":"http:\/\/otava.test\/understanding-big-pci-compliance-pitfalls\/"},"modified":"2025-11-07T06:23:03","modified_gmt":"2025-11-07T06:23:03","slug":"understanding-big-pci-compliance-pitfalls","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/","title":{"rendered":"Understanding Big PCI Compliance Pitfalls"},"content":{"rendered":"

PCI DSS (Payment Card Industry Data Security Standards) compliance is important to any company processing, storing, or transmitting cardholder data. However, its 12 security requirements are complex (each requirement is broken down into many different sub-categories so that at the end of the day there\u2019s over 200 points to consider) and technical, causing many companies to stumble when working towards compliance.<\/p>\n

In 2011, only 21 percent of organizations were found to be PCI compliant<\/a> upon their first assessment. This was only up one percent from the year before, which is disconcerting for consumers who have been bombarded this year with news of data breaches<\/a> on top of data breaches<\/a>. Understanding some of the biggest issues surrounding PCI compliance can help sidestep potential costs from breaches and non-compliance, and preserves a company\u2019s reputation.<\/p>\n

Understanding Scope<\/strong>
\nA big hurdle for businesses working toward compliance is understanding what is in scope. Thinking simply, it\u2019s anything within the company that transmits, stores, or processes cardholder data<\/a>. A smart first step would be to go through the actual life-cycle of cardholder data within the company. Understanding how the data moves through a system, and what components that data touches along the way can clarify what areas will fall under what is called the Cardholder Data Environment (CDE)<\/a>, and is in scope. Any system that is connected to that CDE is considered in scope as well, and will need to be compliant. Drawing diagrams of how the data flows throughout an organization helps to see how systems are connected, and will help more clearly define scope for the company.<\/p>\n

It\u2019s also important to understand which vendors are considered in scope. If you outsource your PCI hosting<\/a>, for example, the hosting provider will need to be compliant as well. One good way to do the due diligence of making sure a prospective vendor is compliant is making sure that they have an independent audit report, and that they\u2019re willing to share it with you.<\/p>\n

Prioritizing Policies and Procedures<\/strong>
\nPCI compliance is much more prescriptive than some other types of compliance that companies might need (HIPAA compliance<\/a>, for example, is quite a bit more subjective, and not as technically specific), but that shouldn\u2019t overshadow how important the policies and procedures are in structuring the IT implementation. Spending time on these policies allows the processes to be streamlined and clear for any employees carrying out compliance measures. Having both employees and higher level management looking at universal processes in place removes ambiguity, and thus helps reduce the risk of non-compliance or worse yet, a breach.<\/p>\n

Support From Upper Management<\/strong>
\nThis is possibly the most important point that can be made, as it has an effect on all compliance efforts. The attitude of Upper Management often dictates how policies and procedures are determined, and the effects of that can be seen within implementation. The entire organization can\u2019t look at PCI compliance as a short-term project, but rather as a long-term process. For example, it is stated within PCI DSS that antivirus<\/a> is mandatory, so an organization gets the antivirus it needs in order to be compliant. However, if the attitude toward compliance is that it\u2019s a nuisance rather than a necessity, a company might not have procedures and manpower allocated toward updating and maintaining this antivirus regularly. This not only causes non-compliance, but puts the organization at risk if a malicious attack was to be made on the company.<\/p>\n

Maintaining and updating security tools can be a time-consuming process, requiring certified professional IT staff. Outsourcing managed services<\/a> and technical security<\/a> may be the answer for companies that want to maintain not only their PCI compliance, but also a secure environment to safely house their customer cardholder data.<\/p>\n

Other resources to check out:
\nPCI Compliant Hosting FAQ<\/a>
\nWhat Is PCI Compliance?<\/a>
\nBenefits of PCI Compliant Hosting<\/a><\/p>\n

\n

\"PCI<\/a>Looking for more information on PCI hosting requirements, recommendations, and the foundation of a secure PCI compliant data center<\/a>?<\/p>\n

Download our PCI Compliant Hosting white paper<\/a> now for a complete guide to PCI hosting with IT vendors.<\/p>\n

Still have questions? <\/strong>Contact us<\/a> or chat<\/a> with us now. Find out more about our fully compliant, PCI hosting solutions<\/a>, or submit a quote request<\/a> for your project today.<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

PCI DSS (Payment Card Industry Data Security Standards) compliance is important to any company processing, storing, or transmitting cardholder data. However, its 12 security requirements are complex (each requirement is broken down into many different sub-categories so that at the end of the day there\u2019s over 200 points to consider) and technical, causing many companies to stumble when working towards compliance. In 2011, only 21 percent of organizations were found to be PCI compliant upon their first assessment. This was only up one percent from the year before, which is disconcerting for consumers who have been bombarded this year with news of data breaches on top of data breaches. Understanding some of the biggest issues surrounding PCI compliance can help sidestep potential costs from breaches and non-compliance, and preserves a company\u2019s reputation. Understanding Scope A big hurdle for businesses working toward compliance is understanding what is in scope. Thinking simply, it\u2019s anything within the company that transmits, stores, or processes cardholder data. A smart first step would be to go through the actual life-cycle of cardholder data within the company. Understanding how the data moves through a system, and what components that data touches along the way can clarify what…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2251","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nUnderstanding Big PCI Compliance Pitfalls | OTAVA<\/title>\n<meta name=\"description\" content=\"Discover the biggest PCI compliance pitfalls, learn how to define scope, vendor roles and policies to protect your cardholder data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding Big PCI Compliance Pitfalls\" \/>\n<meta property=\"og:description\" content=\"Discover the biggest PCI compliance pitfalls, learn how to define scope, vendor roles and policies to protect your cardholder data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-01-31T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-07T06:23:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Understanding Big PCI Compliance Pitfalls\",\"datePublished\":\"2013-01-31T00:00:00+00:00\",\"dateModified\":\"2025-11-07T06:23:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\"},\"wordCount\":710,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\",\"url\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\",\"name\":\"Understanding Big PCI Compliance Pitfalls | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\",\"datePublished\":\"2013-01-31T00:00:00+00:00\",\"dateModified\":\"2025-11-07T06:23:03+00:00\",\"description\":\"Discover the biggest PCI compliance pitfalls, learn how to define scope, vendor roles and policies to protect your cardholder data.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Understanding Big PCI Compliance Pitfalls\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understanding Big PCI Compliance Pitfalls | OTAVA","description":"Discover the biggest PCI compliance pitfalls, learn how to define scope, vendor roles and policies to protect your cardholder data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/","og_locale":"en_US","og_type":"article","og_title":"Understanding Big PCI Compliance Pitfalls","og_description":"Discover the biggest PCI compliance pitfalls, learn how to define scope, vendor roles and policies to protect your cardholder data.","og_url":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/","og_site_name":"OTAVA","article_published_time":"2013-01-31T00:00:00+00:00","article_modified_time":"2025-11-07T06:23:03+00:00","og_image":[{"url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Understanding Big PCI Compliance Pitfalls","datePublished":"2013-01-31T00:00:00+00:00","dateModified":"2025-11-07T06:23:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/"},"wordCount":710,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/","url":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/","name":"Understanding Big PCI Compliance Pitfalls | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage"},"thumbnailUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","datePublished":"2013-01-31T00:00:00+00:00","dateModified":"2025-11-07T06:23:03+00:00","description":"Discover the biggest PCI compliance pitfalls, learn how to define scope, vendor roles and policies to protect your cardholder data.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#primaryimage","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/pci-white-paper-sm.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/understanding-big-pci-compliance-pitfalls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Understanding Big PCI Compliance Pitfalls"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2251"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2251\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2251"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}