What is PCI DSS?
PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for organizations that handle credit card data. Compliance is mandatory for any company that processes, stores, or transmits cardholder data.
PCI DSS has 12 core requirements organized into 6 goals: Build secure networks (firewalls, change defaults), Protect cardholder data (encryption, access control), Maintain vulnerability management (antivirus, secure development), Implement access controls (restrict access, unique IDs), Monitor and test networks (logging, testing), and Maintain security policy (documentation).
Compliance levels: Level 1 (>6M transactions/year — requires annual on-site audit), Level 2 (1-6M — SAQ + quarterly scan), Level 3 (20K-1M e-commerce — SAQ + quarterly scan), Level 4 (<20K — SAQ). Most SaaS companies use Stripe or similar PSPs to reduce PCI scope — the PSP handles card data, minimizing the company's compliance burden.
Why It Matters
Non-compliance risks: fines up to $500K/month, loss of card processing ability (business-ending for many SaaS companies), and liability for any data breach. Using a PCI-compliant PSP (Stripe, Braintree) is the fastest path to compliance.
Frequently Asked Questions
What is PCI DSS?
Payment Card Industry Data Security Standard — mandatory security requirements for organizations handling credit card data. Non-compliance risks fines, loss of card processing, and breach liability.
How do SaaS companies achieve PCI compliance?
Use Stripe or similar PSPs — they handle card data so you don't have to. This reduces your PCI scope to SAQ-A (the simplest level). Never store card numbers in your own database.
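The "never store card numbers in your own database" rule is easiest to keep when something enforces it. The following added example, which is not code from this page or from any PSP's SDK, is a small guard a SaaS backend can run on a record before it is written to a database or a log: it finds digit runs of card-number length that pass the Luhn checksum, refuses the write if one is present, and can mask a number down to the first six and last four digits. Names such as assert_no_pan and CardholderDataError are constructed for this illustration; the sample values are well-known test card numbers, not real accounts.

```python
import re

# Candidate PAN: 13 to 19 digits with optional single space or dash separators,
# not preceded or followed by another digit. Constructed for this example.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


class CardholderDataError(ValueError):
    """Raised when a record about to be stored contains a card number."""


def luhn_valid(digits: str) -> bool:
    """Luhn checksum, the check-digit scheme used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the digit strings in text that look like valid PANs."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Mask to first six and last four digits, the most PCI DSS lets you display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def redact(text: str) -> str:
    """Replace every valid PAN in text with its masked form (for log lines)."""
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_CANDIDATE.sub(_sub, text)


def assert_no_pan(record: dict) -> dict:
    """Gate for a database write: raise if any string field contains a PAN."""
    for key, value in record.items():
        if isinstance(value, str) and find_pans(value):
            raise CardholderDataError(
                f"field {key!r} contains a card number; store the PSP token instead"
            )
    return record


if __name__ == "__main__":
    # Constructed records: the first holds only a PSP token and last four digits,
    # the second carries a raw test card number in a free-text field.
    print(assert_no_pan({"token": "pm_constructed_1", "last4": "4242"}))
    print(redact("support note: customer paid with 4242-4242-4242-4242"))
    try:
        assert_no_pan({"note": "customer paid with 4111111111111111"})
    except CardholderDataError as exc:
        print("rejected:", exc)
```

Wire assert_no_pan in front of the ORM save and redact in front of the logger, and keep only what the PSP returns (a token, the brand, the last four digits) in your own tables. The Luhn check keeps ordinary 13-to-19-digit values such as order ids from being flagged, while a real card number, with or without separators, is caught.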
Richard Ewing is a Product Economist and AI Capital Auditor. He helps companies translate technical complexity into financial clarity.