PCI (Payment Card Industry) compliance — a requirement for accepting credit card transactions — can be difficult. About 65% of global enterprises are still working on their PCI compliance initiatives. But PCI compliance is an ongoing effort, not a bounded IT security project. Insight into the process and the role of the qualified security assessor (QSA) can make it easier, while implementing standard security best practices upfront will ease the pain when the on-site audit begins.