Cybersecurity Standards – Payment Card Industry Compliance

One of the most effective ways of maintaining trust with your customers is upholding a strong line of defense against cybersecurity threats, including those that target credit and debit card information stored in your systems. To do so, all major credit card and payment processing companies have implemented the Payment Card Industry Data Security Standard (PCI DSS).

This standard, which is administered by the Payment Card Industry Security Standards Council, establishes cybersecurity controls and business practices for companies that process, store or transmit credit card data. Companies are required to demonstrate that they have implemented PCI DSS by meeting all 12 of the requirements outlined below – failure to do so could result in fines.

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Avoid vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

In addition to meeting these 12 requirements, companies must have their PCI DSS compliance audited yearly, preferably by a third party. If you fall behind on or ignore your compliance status and become the victim of a breach, your company may be fined up to $500,000, adding further cost to an already expensive situation.

Many companies, including SST Accountants & Consultants, have made the decision to eliminate the risk of non-compliance by utilizing a third party for submitting and storing all client credit card and payment information.

For additional information on PCI DSS compliance, we encourage you to contact the experts at SST and schedule a consultation on compliance. We also strongly encourage you to review our previous blog posts on cybersecurity to ensure that your organization and customers stay protected now and in the future.