
Continual PCI compliance

Securing cardholder data on a year-round basis

WHITE PAPER

The Payment Card Industry Data Security Standard (PCI DSS) requires an annual compliance audit for organizations with a high volume of customer payment card (credit, debit or prepaid) transactions. The PCI DSS is designed to protect customer card information through continual compliance throughout the year, but many organizations focus on compliance only in the run-up to the audit. Unfortunately, many companies that take this approach experience data security incidents, because they meet the letter, but not the spirit, of the regulations.

In addition to exposing the organization to data breaches, noncompliance with PCI guidelines can bring several penalties. The card brands impose fines based on transaction volume and previous infractions, and merchant banks, acquirers and card processors often add financial sanctions of their own. Another key consequence of noncompliance is the significant reputational damage that follows the loss of customer data.

PCI DSS compliance is not optional; organizations are expected to maintain compliance on a constant basis. Achieving compliance can be a difficult task, especially for small and midsized businesses, but it is necessary to protect consumers and limit risk to the organization. Businesses must implement processes to assess their control framework periodically, and strengthen internal staff or leverage outside resources to help ensure PCI compliance and mitigate the risk of a data breach.
