{"id":4320,"date":"2018-11-28T18:20:32","date_gmt":"2018-11-28T18:20:32","guid":{"rendered":"https:\/\/www.paymentfacilitator.com\/?p=4320"},"modified":"2021-07-29T21:27:53","modified_gmt":"2021-07-29T21:27:53","slug":"payment-facilitators-and-pci-everybody-has-to-start-somewhere","status":"publish","type":"post","link":"http:\/\/infinicept.com\/payment-facilitator\/expert-perspectives\/compliance\/payment-facilitators-and-pci-everybody-has-to-start-somewhere\/","title":{"rendered":"Payment Facilitators and PCI: \u201cEverybody Has to Start Somewhere\u201d"},"content":{"rendered":"<p><strong>An organization\u2019s PCI scope \u2013 the components of its business that need to be included in an assessment \u2013 can have a dramatic impact on the costs for that company to comply with the security standard\u2019s requirements. <\/strong><\/p>\n<p><strong>According to Chris Bucolo, that\u2019s the fundamental reason payment facilitators need to \u201cengage early.\u201d <\/strong><\/p>\n<p>Bucolo, vice president of market strategy for ControlScan, told the audience at PF WORLD 2018 that working with trusted advisors \u2013 including a qualified security assessor (QSA) \u2013 early in the business planning process can help organizations make fundamental decisions that impact their scope.<\/p>\n<p>Bucolo emphasized that compliance with the PCI data security standard requires a holistic approach. He named three elements to PCI security: \u201cIt\u2019s the software, it\u2019s the hardware, and it\u2019s the overall environment and the merchant environment that it\u2019s being used in,\u201d he said.<\/p>\n<p>Companies often make the mistake of thinking they <em>are<\/em> PCI compliant because they have compliant systems or applications, he said, without understanding that they need to evaluate the environment where those systems operate.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/wy8JhpF3s6o\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>Bucolo also advised the audience that card brands appear to be expecting more from payment facilitators when it comes to submerchant compliance with PCI.<\/p>\n<p>\u201cIt used to be your processor would just say, \u2018try to educate them.\u2019 Now they\u2019re saying, \u2018are you educating them?\u2019 and it\u2019s moving into \u2018are you helping them get compliant?\u2019\u201d he said.<\/p>\n<p>For payment facilitators, PCI compliance efforts begin with a gap analysis, which he reassured the audience does not necessarily mean that they will find \u201cgaping holes\u201d in their systems.<\/p>\n<p>\u201cIt\u2019s more about getting you ready by understanding what\u2019s missing,\u201d he said.<\/p>\n<p>Most organizations have only a fraction of the requirements in place, he said. So, companies should not view an initial lack of compliance as a failure when they\u2019re beginning the process of assessing their PCI-related needs.<\/p>\n<p>\u201cEverybody has to start somewhere,\u201d he said.<\/p>\n<p><em>Watch for additional insights from around the payment facilitator ecosystem as we continue to share video from PF WORLD 2018 in future weeks.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An organization\u2019s PCI scope \u2013 the components of its business that need to be included in an assessment \u2013 can have a dramatic impact on the costs for that company to comply with the security standard\u2019s requirements. According to Chris Bucolo, that\u2019s the fundamental reason payment facilitators need to \u201cengage early.\u201d <\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","_FSMCFIC_featured_image_caption":"","_FSMCFIC_featured_image_nocaption":"","_FSMCFIC_featured_image_hide":"","footnotes":""},"categories":[1025],"tags":[171,191,671,672,674,687],"class_list":["post-4320","post","type-post","status-publish","format-standard","hentry","category-compliance-expert-perspectives","tag-chris-bucolo","tag-controlscan","tag-pci","tag-pci-compliance","tag-pci-dss","tag-pfworld2018"],"acf":[],"_links":{"self":[{"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts\/4320","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/comments?post=4320"}],"version-history":[{"count":2,"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts\/4320\/revisions"}],"predecessor-version":[{"id":7509,"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/posts\/4320\/revisions\/7509"}],"wp:attachment":[{"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/media?parent=4320"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/categories?post=4320"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/infinicept.com\/payment-facilitator\/wp-json\/wp\/v2\/tags?post=4320"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}