Action Required For Payment Card Industry Compliance
As we discussed in an earlier post, new Payment Card Industry (PCI) regulations have been in effect since July 1, 2010. In addition to standards for your accounting software, these standards also cover other areas of your business processes. If you process credit cards, there are questionnaires you are required to complete.
The PCI Security Standards Council was created as a collaboration between the major card brands (Visa, MasterCard, American Express, Discover, and others) to prevent credit card fraud. The first PCI-DSS standards were set in 2004, and the first round of regulations was released in 2005. The current compliance document was published in October 2008 and requires all organizations that process credit cards to be in compliance as of July 2010.
Risks Of Non-Compliance
Of course, you can hope that you never experience a data breach. However, if you do at any time in the future and you have not gone through the steps to ensure that you comply with the standards, you could incur major costs. Non-compliant organizations that experience a data breach can expect to pay any or all of the following:
- Investigation costs
- Remediation costs
- Non-compliance fines from each card brand
- Card re-issuance costs ($20-30 per card)
- Ongoing compliance audits
- Victim notification costs
Becoming compliant with the standard is a good idea in any case. It helps protect your organization against fraud, offers best practices for data security, and is applicable to other audits and assessments. In completing your evaluation, you will better understand your systems and where data assets reside on your network.
You can check your compliance by completing the appropriate questionnaire and then submitting it to your acquirer as proof of compliance. Your acquirer may be your financial institution or another payment processing provider. The questionnaire you need to complete depends on the number of credit card transactions you process and the method you use to process them. You can tackle this complex process on your own and find the questionnaires at: https://www.pcisecuritystandards.org
An easier option is to get assistance from the experts. Trustwave is a leading provider of on-demand data security and payment card industry compliance management solutions to organizations throughout the world. The company can help you identify the correct questionnaire and explain how to answer the questions based on your organization’s situation. You can access this service at: https://pci.trustwave.com
If you have questions or concerns about PCI-DSS and your systems, please contact our Helpdesk.