Author Archive

PCI Compliance : Merchant Training

Wednesday, July 30th, 2008

Published by : Dr. Suzanne Miller, CPT, CHS-III, CISM, CISA, QSA 

The PCI Self-Assessment Questionnaire (SAQ) reminds me of the Internal Revenue Service (IRS) Tax Returns. The returns are written for people who have the reading comprehension level of a third-year law student. Yet, yearly we are expected to fill in the boxes and lines correctly on the appropriate returns. If we misinterpret which forms are appropriate and misunderstand how to fill in the forms, we can be subject to fines and imprisonment for filing incorrect information. Ask Wesley Snipes how it feels to go to jail for 3 years and pay over $5,000,000 in taxes and penalties. In his own words, “Newly acquired wealth does not endow one with immediate wisdom.”

The PCI SAQ will have the same far-reaching effects of IRS Tax Returns. Merchants (businesses who accept credit cards for payment) are required to fill out the SAQ every year. 90% of all merchants do not have the immediate wisdom to understand the business activities they are required to have in place or the impact of checking the box on the SAQ stating they have the required activities in place when in reality they do not. Filing incorrect SAQs can seriously affect merchants. Incorrect filings subject the merchant to penalties, fines and loss of the ability to accept credit cards for payment.

What a voluminous task to educate and train the over 8,000,000 businesses in what PCI is requiring of them; and how to inexpensively implement and manage these requirements. 

The Compliance and Audit Group has accepted this challenge. In August 2008 we will be offering PCI Programmed Instructional Workbooks, PCI Workshops and PCI Internet-based training which are comprehensive, easy to use and cost-effective. If you would like to receive updates on our new programs, talk to a PCI consultant or be on our mailing list, email us at info@compliance-auditgroup.com.

Merchant Services Letter/PCI DSS Compliance

Thursday, April 3rd, 2008

Published by : Anne T. Coley, Compliance and Audit Group

I received a letter today from Bank of America Merchant Services informing me that my company MUST be PCI DSS compliant. HMMMM….If you accept credit cards you have probably received a similar letter from your Merchant Provider. If so, I wonder if you understand your letter any better than I understand mine. They also sent me a replacement Merchant Agreement which “clarifies your responsibility to comply with the PCI DSS; related Card Organization compliance requirements; and your liability for failure to comply”. Okay, that last part got my attention. I am the office manager of an information assurance company, but I am not a security expert myself. The letter directed me to several websites for more information on PCI compliance. Okay, I understand that PCI stands for Payment Card Industry and DSS stands for Data Security Standard. In order to find out what our responsibilities/liabilities are, I must first ascertain what merchant level our company falls under - so far, so good. So now I find out that we must complete a yearly Self-Assessment Questionnaire (SAQ) and a Quarterly Network Scan – I’m going to need help. Thank goodness I have in-house experts to handle this issue.

PAYMENT CARD INDUSTRY (PCI) : Take Credit Card Compliance Seriously

Thursday, March 27th, 2008

Published by:  E. G. “Buddy” Coley, Jr., PCI-QSA, CISM, CHS-III

My main goal in writing this PCI blog is to educate business merchants on the importance of credit card compliance, frequently called PCI DSS. First, PCI stands for Payment Card Industry, DSS stands for Data Security Standard.

As a merchant, could your business survive if you could not process credit card transactions – probably not!  Whether you are an auto dealership, florist, retail outlet or Joe’s Lawnmower Shop, it is essential to be able to process customers’ credit card transactions.

Now we get to the heart of the matter – credit card compliance.  I can already see the look on your face – here we go again – yet another regulation to comply with.  Take a deep breath and read on.  Why should you be concerned about credit card compliance?  Quite simply, a merchant could face severe fines or lose the ability to process credit cards altogether if found negligent in the protection of credit card data!  Okay, now that I have your attention…..a FAQ is “Do I have to comply with Credit Card Compliance?”.  The answer is YES!  “Any entity that stores, processes and/or transmits cardholder data must comply with the PCI Data Security Standards (DSS).”  You can find the Data Security Standard at www.pcisecuritystandards.org/.  As a business merchant it is imperative that you understand the responsibilities/obligations you incur in processing credit card transactions.

My next blog will tell you about my top five PCI observations.

Welcome To The Compliance & Audit Group Blog.

Thursday, March 20th, 2008

Welcome and thanks for visiting the Compliance & Audit Group Corporate Blog. The Compliance & Audit Group specializes in PCI, Health-care & general compliance regulation for small to medium sized companies. Our services include PCI compliance, workshops, training courses, on-site compliance inspections and reporting, and much more.

We have created this blog to inform you about changes in regulations, compliance standards and basically all things compliance. Be sure to visit often! You can subscribe to our RSS feed here.