12 Holiday PCI Compliance Tips: Questions, Advice and Security Best Practices to Get You Ready for the New Year
1. To whom does PCI apply?
PCI DSS applies to any organization or merchant that accepts, processes, stores or transmits cardholder data, regardless of its size or the number of transactions involved. Essentially, if any customer ever pays the merchant directly using a credit card or debit card, the PCI DSS requirements apply. What changes with transaction volume is the validation level (for example, whether a self-assessment questionnaire or an on-site assessment is required), not whether the standard applies.
2. Is PCI DSS compliance just an IT project?
The IT staff implements the technical and operational aspects of PCI-related systems, but compliance with the payment brands' programs is much more than a "project" with a beginning and an end. PCI compliance is a business issue that is best addressed by a multi-disciplinary team, and it must be maintained continuously, not just at assessment time. The risks of a compromise are not only financial; they can be reputational as well, affecting the whole organization. Be sure your business addresses policies and procedures as they apply to the entire card payment processing workflow, from the point of capture through storage, transmission and disposal.
3. Myth: PCI DSS is unreasonable; it requires too much
Most aspects of the PCI DSS are already common security best practice: firewalls, no default passwords, patching, encryption of data in transit, access control, logging and monitoring. The standard also permits compensating controls for most requirements where a legitimate technical or business constraint prevents meeting a requirement as written; note that a compensating control must meet the intent and rigor of the original requirement and be documented and validated, so it is not a loophole. The PCI DSS provides significant detail, which benefits merchants and processors because it tells them exactly what is expected. This scope and flexibility lead some to view PCI DSS as an effective standard for securing all sensitive information, not just cardholder data.
4. What is an easy step my business can take to achieve PCI Compliance?
The key to achieving PCI DSS compliance is to reduce the number of systems and processes that are in scope. This means eliminating cardholder data from the business unless it is absolutely required: if you do not store it, you do not have to protect it. The less cardholder data you hold, the fewer systems you have to control and the easier achieving PCI compliance becomes. Remember that scope is defined by where cardholder data actually is, not where you intend it to be, so card numbers that have leaked into application logs, backups, spreadsheets or email keep those systems in scope until the data is found and removed.