
NDB Advisory Using Compensating Controls for PCI DSS Compliance | The How and Why


Payment Card Industry (PCI) compliance often has to be met through compensating controls, that is, controls used to "counterbalance" and strengthen an inherent weakness in a given internal control. Merchants, service providers, and any other third-party providers involved in the processing, storage, or transmission of transaction data or cardholder data should note that these compensating controls must exceed the PCI DSS requirements for protection of cardholder data. Additionally, any compensating control requires the use of the "Compensating Control Worksheet", either by the entity that is conducting its own self-assessment or by the Qualified Security Assessor (QSA) who is conducting the assessment. Just remember, these compensating controls need to meet and exceed the original intent and rigor of the PCI DSS standards.

To learn more about the Payment Card Industry Data Security Standards and becoming PCI DSS compliant, please contact NDB Advisory.


Send us an email or give us a call at (800) 277-5415 x706.


