PCI Compliance

PCI 1-2-3. A Simpler Way to PCI Compliance

The thought of losing or compromising a shopper's personal information is a critical concern for retailers. It makes shoppers reluctant to buy, which costs retailers business. It's also a top issue for the credit card brands, which lose more than $1 billion a year to card fraud. The Payment Card Industry (PCI) Security Standards Council (an organization formed by the card brands) created the PCI Data Security Standard (DSS) to help merchants proactively protect customer account data.

Any merchant or service provider that stores, processes or transmits customer account data must comply with the PCI DSS controls and processes. If you don't, you risk costly fines, audit costs, restrictions or worse should a breach occur.


Achieving PCI compliance is as easy as 1-2-3.

ControlScan makes it easier to meet PCI requirements and protect your customers' important information. ControlScan's PCI 1-2-3 compliance solution, available online via a merchant portal called myControlScan.com, provides you with the leading tools and support necessary to analyze, remediate and validate PCI compliance at an affordable rate, including:

1. PCI 1-2-3 Self Assessment Questionnaire (SAQ)
  • Intuitive, simple-to-use tool even for the most novice user.
  • A picture-driven qualification step that helps you easily determine your Validation Type (as defined by PCI DSS version 2.0).
  • Expert help text and real-life examples.
2. PCI 1-2-3 Scanning
  • Network vulnerability scans for merchants that have external-facing IP addresses.
  • Web application scans (cross-site scripting, SQL injections and remote file inclusion) to find holes in Web-based applications.
  • Easy-to-understand reports that detail the scan results and prioritize vulnerabilities by severity.
  • Detailed instructions on how to remediate identified vulnerabilities.
3. PCI 1-2-3 Policy Builder
  • A set of custom security policies, powered by the Unified Compliance Framework (UCF), a leading provider of IT compliance, governance and regulatory content.
  • Policy templates that are automatically generated based on the way you process payment cards, making it easy for you to comply with this specific PCI DSS requirement.
4. PCI 1-2-3 Security Awareness Training

On-demand security training delivered in a non-technical, easy-to-consume manner which satisfies the PCI Data Security Standard (PCI DSS) security awareness requirement. Benefits include the following:

  • Equips you with a solution to combat the second leading cause of breaches, the mishandling of sensitive information; delivered via on-demand video or as a downloadable file.
  • Allows you to satisfy the PCI DSS requirement for a formal security awareness program (and affirmatively answer the SAQ question, "Is a formal security awareness program in place to make all employees aware of the importance of cardholder data security?").
  • Eliminates the need to purchase a costly security awareness training program from a third-party vendor.
  • Tracks employees' training completion rates through acknowledgement certificates.