Does your Business Process Payment Cards?

Date: October 9, 2018

If your business processes, stores, or houses credit, debit, or gift card data, then it likely must comply with the Payment Card Industry-Data Security Standard (PCI-DSS), which contains 12 requirements. They are listed here.

Businesses often incorrectly assume that the PCI-DSS pertains only to the processing of payment cards via a computer, but this is not the case. It is applicable in all types of commerce involving Card Holder Data (CHD).

To be clear, CHD includes the following information: the Primary Account Number, Card Holder Name, Expiration Date and Service Code.

If, while processing payment card transactions, an employee writes down CHD on paper and then transmits CHD via email, text message or voicemail, your business must properly secure your expanded CHD environment in order to comply with PCI-DSS.

If you have questions regarding your CHD Environment, HBK can perform a gap analysis to identify any shortfalls that your business may have relating to the PCI-DSS requirements.

HBK can assist you with cyber security topics or questions. Please contact Matt Schiavone at mschiavone@hbkcpa.com, Bill Heaven at wheaven@hbkcpa.com, or Steve Franckhauser at sfranckhauser@hbkcpa.com for assistance.
