Appendix A: Payment Card Industry (PCI)

Helping you comply with the Payment Card Industry Data Security Standard (PCI DSS)

Any company that accepts credit card payments must comply with the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with the standard could mean substantial fines and penalties for the organization. A security breach will hurt the company’s image and reputation. Despite these realities, many merchants are still not PCI-compliant because of:

  • A lack of education among merchants
  • An underestimation of the complexity and cost of remediation efforts
  • Compliance fatigue resulting from a range of requirements that impact average organizations

There are many ways to achieve compliance with the PCI DSS. We believe that PCI should not be viewed as just another compliance requirement, but rather as a controls framework that provides the opportunity to reduce risk to the payment function and the organization as a whole. Organizations that focus on compliance as opposed to risk reduction can have a false sense of security and may not be aware of the residual risks that remain within the environment. A risk-based, integrated approach can create a more secure and efficient, as well as compliant, organization.