thePCI Portal

COVID and Compliance (April 27, 2020)

Compliance assessment activities and regular compliance activities (i.e. penetration tests, employee training, etc) may be disrupted during COVID.

Retail locations may be closed, staff may be unavailable.

Obviously human safety trumps any PCI DSS compliance concerns.  Merchants and QSAs do have questions about compliance in COVID times.

We are still awaiting to hear  from the acquirers and cardbrands on what options might be available.  I think that additional information will be available shortly and I will keep this page up to date.  I think its safe to assume that COVID-19 impact respite is likely available and, currently, you will need to reach out directly to your acquirer for more specific guidance.

March 9, the Council released information about conducting “on site” assessments here.  Nothing much new, just a link to existing remote guidance and the advice that “…if you experience any issues meeting your compliance obligations, please be sure to discuss with your Brands or Acquirer.”.

COVID news from Acquirers and Card Brands  regarding PCI DSS compliance of Merchants:

Ad below this line:

As well, the PCI GURU and other security consultants are having an online discussion on BrightTALK (a technology media company that provides professional webinar hosting) titled “Dealing with PCI DSS Compliance During the COVID-19 Crisis” on March 25 2020.

Leave a Reply