Securing Customer Payment Information
A customer pays for your product or service with a credit card. You own valuable information potential fraudsters would love to get their hands on. If that data were to get out, you could be in violation of credit card processing policies, which come with fines and penalties. However, the public embarrassment along with losing the ability to process credit card transactions and being financially liable for losses incurred, can hurt even the most profitable companies.
The Payment Card Industry Data Security Standard (PCI DSS) dictates how credit cards are handled. Depending on the volume of your major credit card purchases, you have to complete a self-assessment questionnaire or have an outside assessment. If you are struggling with the self-assessment or have multiple locations, you could benefit from an assessment of your PCI processes. Our analysis consists of the following:
- Contract review
- Policy and procedure review
- Cardholder Data Environment (CDE) analysis
- Third-party security assurance
- Building a responsibility matrix
- Security evaluation
- Following the PCI Security Standard Council’s prioritized approach tool
- Compliance assessment – assisting with self-assessment questionnaires
After understanding how credit cards are processed by your organization, we’ll walk through the respective PCI SAQs (self-assessment questionnaires) to ensure you are in compliance. We’ll also identify those areas where compensating controls can be put into place and recommend policies and procedure to make your credit card process more secure and seamless.
We can assist with reducing applicable requirements by minimizing the scope of the Cardholder Data Environment (CDE) through process management and network segmentation.
PCI DSS Experience: The requirements that are applicable to different merchants are complicated. Our IT professionals help businesses understand what they need to do to comply. They also investigate how businesses store, process and transmit customer data to ensure compliance. We have helped manufacturers, wholesalers, retailers, service businesses, museums, not-for-profits, social services agencies and schools with meeting their PCI DSS compliance requirements.
If you process credit cards, you have extra levels of responsibility. It’s imperative that you follow PCI DSS, and we can help ensure that you are in compliance. Contact us to learn how we can help.