Continual PCI compliance

Securing cardholder data on a year-round basis

WHITE PAPER

The Payment Card Industry Data Security Standard (PCI DSS) requires an annual compliance audit for organizations with a high volume of customer payment card (credit, debit or prepaid) transactions. The PCI DSS is designed to protect customer card information through continual compliance throughout the year, but many organizations focus on compliance only in the run-up to the audit. Unfortunately, many companies experience data security incidents because of this approach, which meets the letter but not the spirit of the regulations.

Noncompliance with PCI guidelines creates vulnerabilities that can lead to data breaches, and it also exposes a merchant to several penalties. The card brands impose fines based on transaction volume and previous infractions, and merchant banks, acquirers and card processors often add financial sanctions of their own. Another key result of noncompliance is the significant reputational damage that follows a potential loss of customer data.

PCI DSS compliance is not optional; organizations are expected to maintain compliance on a constant basis. Achieving compliance can be a difficult task, especially for small and midsized businesses, but it is necessary to protect consumers and limit risk to the organization. Businesses must implement processes to assess their control framework periodically, and strengthen internal staff or leverage outside resources to help ensure PCI compliance and mitigate the risk of a data breach.
