Aurora Enterprises

PCI FAQs

Understanding PCI is all about having good information. Knowing what PCI is and how it affects your company is critical to your company’s success and protection. These FAQs are designed to help answer your questions on PCI compliance. If you require more information, click here to read our implementation white paper, or call us at 310.530.8260.

What is PCI?
The Payment Card Industry Data Security Standards (commonly referred to as PCI DSS or simply PCI) is a set of standards developed by the major credit card providers (such as Visa and MasterCard) to ensure that credit card information is stored and secured in an appropriate manner.

What companies have to implement PCI?
Regardless of size or your merchant level, if your company processes credit cards, you are required to be PCI compliant.

Is this a governmental regulation?
No, the standards are set by the providers of your credit card processing services.

Are there penalties for non-compliance?
Yes, the credit card companies can fine you for not implementing the security guidelines they developed. Fines can range from a few thousand dollars to significantly more if there is a breach of security due to your lack of adequate security procedures.

I work for a small company, surely PCI does not apply to my company?
The PCI standard does not distinguish by company size or merchant level.

What is involved in the PCI standard?
The PCI standard covers 6 objectives:
• Build and Maintain a Secure Network
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks

Each of these areas has more specific guidelines on how to achieve each objective. To read more about specific compliance procedures, click here to read our PCI white paper.

So, my company should implement PCI to avoid fines?
No, PCI compliance is more than just avoiding penalties from your credit card issuers. It is about putting in place good security procedures that protect your corporate data and safeguard the information that clients, suppliers and others provide to you. By implementing the PCI standard, you not only protect yourself against fines, you harden your corporate security.

How much is this going to cost my company?
It depends on what you have in place today. You may already have most, if not all, of the required elements in place. Oftentimes, what is needed is to implement procedures. A PCI implementation can run from a few hundred dollars to many thousands, depending on the hardware, software and internal controls you have today. Any competent security and compliance company, such as Aurora, can help by meeting with you and performing a PCI assessment.

Can I do this with my internal staff?
Yes. Have your staff read our PCI compliance white paper to understand what has to be accomplished. We would still recommend hiring an outside company to audit your results. You may also find that your internal staff is not fully versed in the ever-changing world of security. While it may not be feasible to have an expensive security engineer on staff, Aurora can provide that assistance, with day-to-day management handled by your IT staff.

Copyright 2007 © All rights reserved.