The Payment Card Industry Security Standards Council (PCI SSC) has identified a three-step process to maximize the security of cardholder data. The Council recommends continuously monitoring and enforcing the controls specified in the PCI DSS, and suggests that organizations approach this as an ongoing process rather than a one-time (or even just annual) project. The recommended continuous process is:
- Assess: Identifying cardholder data, taking an inventory of IT assets and business processes for payment card processing and analyzing them for vulnerabilities.
- Remediate: Fixing vulnerabilities and eliminating the storage of cardholder data unless absolutely necessary.
- Report: Compiling and submitting required reports to the appropriate acquiring bank and card brands.