In the Verizon Payment Security Report published August 31, 2017, there was an alarming statistic: 44.6% of companies fall out of DSS Compliance within nine months of validation.
2018 is right around the corner, and that means there are some key deadlines approaching that could impact your organization’s PCI DSS compliance status.
Payment aggregation is relatively new in the PCI world, and hasn’t had much exposure to the QSA community. You may have run across some entities telling prospects and clients they have no PCI obligations for any transactions undertaken using their products.
A good assessment should take the entirety of the risk environment into consideration (think about supporting systems, vendor management, emerging malware, etc.) and not focus narrowly on one type of data, environment, or system...