PCI Compliance

Payment Card Industry Data Security Standard (PCI DSS) also referred to as PCI, is a common security standard that has been established by the major credit card companies:

• American Express
• Discover Financial Services
• JCB International and 
• MasterCard
• Visa

The Standard specifies the requirements for compliance for the following categories:

• Build and Maintain a Secure Network and Systems
• Protect Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy

Card companies may impose fines for breaches in cases of non-compliance to the PCI Standards.

Who does it apply to?

PCI compliance applies to all organizations that handle credit card information, by storing, processing, and transmitting cardholder data.

The subjected organizations are categorized into levels, with corresponding set of controls, generally:

• Level 4 – Less than 20,000 annual transactions
• Level 3 – Between 20,000 and 1 million transactions
• Level 2 – Between 1 and 6 million transactions
• Level 1 – Over 6 million transactions annually

Although compliance is not required by any federal USA law, some states refer to PCI compliance or equivalent requirements.

How can GoldSky support you with your PCI compliance needs?

• GoldSky can determine the correct levels and requirements for the organization and business goals.
• GoldSky can assess the current security controls and compare to the compliance requirements. For identified gaps and deficiencies, GoldSky can recommend and implement the remediation.
• GoldSky can conduct internal and self-assessment procedures, as required by the PCI compliance procedures.
• GoldSky can help you to continuously monitor and test the controls in place and change and update as needed.