As we draw closer to July 1, 2015 - the date PCI DSS requirement 9.9 moves from a best practice to an enforceable requirement - industry experts continue to weigh in with their perspective on what the new portion of the standard will mean for merchants.
One of our first partners, Sysnet Global Solutions, who specialize in PCI DSS compliance validation and merchant intelligence solutions, have been leaders in thinking and talking about what 9.9 means.
Their new white paper "PCI DSS v3.0: A closer look at Requirement 9.9 - Payment Terminal Protection" author Jason McWhirr, CISSP takes a look at just what the requirement is asking and what you'll need to do to comply.
The main focus of the piece is to spell out exactly what is needed to comply, which he breaks into the following catagories:
1) Inventory – Know what you have, and who is responsible
2) Risk – Know how exposed your payment devices are
3) Train – Know what to look for and who to report to
4) Inspect – Checking the terminals
5) Evidence – Maintain a record of inspections, findings, and incidents
If you haven't started planning for the requirement yet, now is the time. Contact us today to see how SpotSkim makes it as easy as possible to comply with PCI DSS requirement 9.9.