
Impact Of PCI Compliance On New Orleans Businesses

The Payment Card Industry Data Security Standard (PCI DSS) seeks to protect the security of cardholder data and to establish a single, consistent set of data security requirements across the credit/debit card payment industry.

It is a requirement for any vendor or service provider who stores, transmits, or processes any cardholder data. If your New Orleans organization handles card payments, you must be PCI-compliant. Noncompliance could see you suffer massive financial penalties or sanctions against your facility’s ability to accept card payments.

Does Your New Orleans Business Need To Comply With PCI?

PCI compliance is mandatory for all organizations that accept credit and debit cards or those that store, process, and/or transmit cardholder data. Merchants and service providers’ compliance requirements differ depending on two main factors:

  • The size of your organization — how many clients do you serve per day?
  • The volume of transactions it undertakes — how many credit/debit card payments do you process in a day?

Individual payment brands set the criteria and compliance programs that you have to follow, guided by the dictates of PCI Standards.

What Are the Penalties for Noncompliance?

The PCI DSS is a standard, not a law to be implemented by the state or federal government. It is, therefore, only enforced through agreements between acquiring banks, merchants, and payment brands. A payment brand can penalize the acquiring banks for breach of PCI standards. In response, the banks will transfer the penalties to the non-complying merchants or even revoke their ability to accept card payments.

Quite often, a PCI DSS breach is also treated as a GDPR breach, since the Regulation classifies cardholder data as personal data. So, alongside fines and sanctions from your acquiring bank, you face the threat of hefty penalties of up to €20 million (currently $23,294,000) or 4% of your firm’s annual global turnover.

As you can see, PCI non-compliance is very costly. If you are running a small or medium-sized enterprise, the overall impact could just put you out of business. Besides, your organization’s reputation will be gravely dented.

How Can Your New Orleans Business Become PCI Compliant?

PCI DSS is a broad standard made up of twelve requirements. They can, however, be organized into six general control objectives:

  1. Build and maintain a secure network: You must have up-to-date firewalls that safeguard cardholder data, and you must never rely on vendor-supplied defaults for system passwords, login credentials, or other security parameters.
  2. Protect all the cardholder data in your custody: Any cardholder data transmitted across open or public networks must be encrypted.
  3. Maintain a reliable vulnerability management program: You must use and regularly update anti-virus software to protect all systems and applications that process cardholder information.
  4. Implement strong access control measures: Every employee with computer access should have a unique ID so that logon activity can be traced to an individual. Physical and logical access to cardholder data must be restricted, i.e., such data should only be provided on a need-to-know basis.
  5. Regularly monitor and test networks: Conduct periodic penetration tests of your security systems, especially those protecting servers that hold cardholder information. You should also track and monitor all access to network resources and cardholder data.
  6. Maintain an information security policy that applies to all staff and contractors.

Can Your Organization Manage PCI Compliance Internally?

Yes, you can — but it’s not the best option, especially when you can outsource this service to a more competent team at just a fraction of your in-house budget.

Besides, compliance with this Standard is notoriously complicated. Data from Verizon’s 2018 Payment Security Report shows that 47.5% of the firms tested for interim PCI DSS compliance failed to maintain all security controls. One way or the other, you will need a seasoned IT services company like BIOS Technologies to help you pick up the slack.

Our team will:

  • Assess your firm to determine your merchant level and whether you need to submit a Self-Assessment Questionnaire (SAQ) or a Report on Compliance (ROC)
  • Conduct a PCI DSS gap analysis to establish your organization’s current compliance levels
  • Define the detailed policies and processes needed to attain complete compliance with the Standard
