As a Qualified Security Assessor (QSA) company, we are engaged by many organisations to assist them with obtaining PCI DSS compliance, as well as performing the formal annual audits.
We have noticed an increase in activity in the PCI DSS compliance space in the first half of this year, with many companies ramping up their compliance activities and some returning to resume archived PCI projects. This leads us to think that there may be a more concerted push by the banks (and other financial institutions) to have their merchants – and service providers – achieve compliance.
We would be interested in hearing from other organisations out there to understand what their first-hand experience has been. Has the external pressure for achieving compliance gone up a few notches, or are organisations just reaching a level of maturity where they feel it is ‘time’ to take the next step? What are you seeing?