United States

Continual PCI compliance

Securing cardholder data on a year-round basis


Download white paper

The Payment Card Industry Data Security Standard (PCI DSS) requires an annual compliance audit for organizations with a high volume of customer payment card (credit, debit or prepaid) transactions. The PCI DSS is designed to protect customer card information with continual compliance throughout the year, but many organizations focus only on compliance prior to the audit process. Unfortunately, many companies experience data security incidents because of this approach, meeting the letter, but not the spirit of regulations.

In addition to creating vulnerabilities for data breaches, several penalties can be levied if a merchant is not compliant with PCI guidelines. The card brands impose fines based on transaction volume and previous infractions, and additional financial sanctions are often included from merchant banks, acquirers and card processors. Another key result of noncompliance is the significant reputational damage following the potential loss of customer data.

PCI DSS compliance is not optional; organizations are expected to maintain compliance on a constant basis. Achieving compliance can be a difficult task, especially for small and midsized businesses, but it is necessary to protect consumers and limit risk to the organization. Businesses must implement processes to assess their control framework periodically, and strengthen internal staff or leverage outside resources to help ensure PCI compliance and mitigate the risk of a data breach.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.




Emerging risks: 2018 Risk Advisory Executive Forum

  • April 26, 2018


Cybersecurity lunch and learn: Shedding light on the dark web

  • March 21, 2018


Meet RSM at the 2018 IIA GAM Conference

  • March 12, 2018


2018 economic and risk outlook webcast

  • February 20, 2018


AML and regulatory compliance webcast series: Winter 2018

  • February 13, 2018