Continual PCI compliance: Securing cardholder data on a year-round basis



The Payment Card Industry Data Security Standard (PCI DSS) requires an annual compliance audit for organizations with a high volume of customer payment card (credit, debit or prepaid) transactions. The PCI DSS is designed to protect customer card information through continual compliance throughout the year, but many organizations focus on compliance only in the run-up to the audit. Unfortunately, many companies experience data security incidents because of this approach, which meets the letter but not the spirit of the regulations.

In addition to leaving a merchant vulnerable to data breaches, noncompliance with PCI guidelines can bring several penalties. The card brands impose fines based on transaction volume and previous infractions, and merchant banks, acquirers and card processors often add financial sanctions of their own. Another key result of noncompliance is the significant reputational damage following the potential loss of customer data.

PCI DSS compliance is not optional; organizations are expected to maintain compliance on a constant basis. Achieving compliance can be a difficult task, especially for small and midsized businesses, but it is necessary to protect consumers and limit risk to the organization. Businesses must implement processes to assess their control framework periodically, and strengthen internal staff or leverage outside resources to help ensure PCI compliance and mitigate the risk of a data breach.

