PCI DSS Compliance Management

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry security requirements designed to ensure that the processing, storage and transmission of cardholder data is carried out securely at all times. The PCI DSS defines the minimum baseline of security controls that organisations handling cardholder data must meet.

Does This Apply to Me?

The PCI DSS applies globally to all organisations that process, store or transmit cardholder data, whether on their own behalf or on behalf of other organisations. There is no minimum transaction volume below which the standard does not apply; volume only affects how compliance is validated and reported.

What is PCI DSS?

The PCI DSS is a set of minimum security requirements first published (as version 1.0) in December 2004 by the major card brands and maintained since 2006 by the PCI Security Standards Council. It is designed to raise the level of cardholder data protection and so reduce payment card fraud.

The PCI Security Standards Council was formed in 2006 by the major card brands, American Express, Discover, JCB International, Mastercard and Visa Inc.

How Do I Become Compliant?

Each organisation should implement the applicable PCI DSS requirements and provide annual compliance reporting in line with the nature and volume of its card handling. The reporting mechanism ranges from a Self-Assessment Questionnaire (SAQ) for smaller merchants to an independent assessment by a Qualified Security Assessor, documented in a Report on Compliance (ROC), for larger merchants and service providers. Most organisations with internet-facing systems in scope must also pass quarterly external vulnerability scans performed by an Approved Scanning Vendor (ASV). Merchants submit this reporting to their acquiring bank.

What is the penalty for non-compliance with PCI DSS?

The payment brands may, at their discretion, fine an acquiring bank for PCI compliance violations; commonly reported figures range from $5,000 to $100,000 per month. The bank will most likely pass this fine down until it eventually reaches the merchant, and may also terminate the merchant relationship or increase transaction fees. Penalties are not openly discussed or widely publicised, but they can be catastrophic for a small business. It is important to be familiar with your merchant account agreement, which should set out your exposure.

Should a credit card data breach occur, you may also be liable for forensic investigation and remediation costs and incur reputational damage as well.

Terra Firma – PCI DSS Compliance Management Services

Terra Firma is a PCI DSS Qualified Security Assessor (QSA) company approved by the PCI Security Standards Council. Our highly experienced team offers pragmatic, common-sense solutions tailored to your specific operational and compliance needs. We work closely with you to find outcomes that not only achieve compliance but maintain it going forward.

PCI DSS compliance is a business-wide undertaking which impacts people, processes and technology. We advocate a “whole of business” approach which focusses on all applicable business areas.

Our strength lies in our highly experienced people and professional advisory services. Terra Firma has an unrivalled reputation for high-quality consulting services over many years in Australia.
