Demystifying Payment Compliance

By Lucas Zaichkowsky, senior compliance technologist, Mercury Payment Systems

Payment Card Industry Data Security Standard (PCI DSS) requirements apply to all system components (meaning network devices, workstations, terminals, servers, and applications) included in or connected to the Card Data Environment (CDE). You can approach compliance in one of two ways. The first is to apply all PCI DSS requirements to all system components in scope, requiring the most amount of effort. Alternatively, you can implement scope reduction technologies, then apply the remaining requirements to your now smaller set of system components in scope. Payment Applications can also benefit from using these technologies by reducing PA-DSS requirements or removing the need for PA-DSS altogether.