The Payment Card Industry Data Security Standard (PCI DSS) affects organizations across all sectors and industries. Any organization that accepts credit cards — including schools and other non-profits — must be aware of and stay compliant with PCI obligations, even if credit card transactions account for only a tiny percentage of your institution’s revenue.
But what does it mean to be compliant? What if your organization outsources most elements of credit card processing to a vendor?
We work with organizations of all types to help define their cardholder data environment (CDE) and decode the PCI environment. Some questions that we’ve helped our clients to answer include:
- Your payment processor indicates that they are a Level 1 PCI-compliant vendor. But what does that really mean?
- Your bank has started to ask for a quarterly PCI scan. Why?
- Your Board of Trustees has asked why your IT and Finance departments are spending so much time, money, and resources on PCI compliance. What can you do to improve the situation?
- Your new CFO has asked for a complete picture of the PCI environment and all of the major players — the payment processors, gateways, merchant banks, and MID list. You don’t know where to start tracking down or making sense of this information.
- Your new CIO wants an external team to review your organization’s network segmentation in light of PCI compliance.
From card-present transactions to virtual terminals, self-service kiosks, mobile devices, website gateways, EMV chip readers, and everything in between, the team at FireOak Strategies will take an in-depth look at your environment and provide practical recommendations to minimize your institution’s PCI scope and simplify your compliance tasks.