Businesses that accept payment cards for goods and services must comply with the Payment Card Industry Data Security Standard (PCI DSS). The standard exists to protect customers' personal and payment data during transactions, and it is recognized around the world. PCI DSS requirements are derived from the threats actually observed against payment systems, so financial institutions and merchants can use them as a basis for their own security policies, technology implementations, and processes for protecting payment systems and devices from breaches and from theft of cardholder data. According to the PCI Security Council (2019), "PCI covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS." Because Red Clay Renovations accepts credit card payments from customers, it must comply with the standard. Doing so will help Red Clay protect customers' account numbers, card numbers, names, addresses, and issuing-bank affiliations. Documented compliance will also be valuable after a security breach, as evidence that the company exercised due diligence in protecting customers' financial data.
Red Clay's Chief Information Security Officer (CISO) and Chief Operating Officer (COO) must work together to establish the company's security policies and enforce the controls mandated by the PCI council. There are twelve PCI DSS requirements that Red Clay will need to implement for its payment environment to be compliant. Among them, the company will have to protect systems and payment devices with firewalls, protect all stored cardholder data, use adequate anti-malware tools, and restrict access to cardholder data on a need-to-know basis. The company also relies heavily on third-party vendors for innovative technologies and smart devices, so the PCI controls it adopts must also cover vendor transactions and processes within its supply chain. Infosec (2017) states that "PCI DSS 3.0 requirements indicate that a downstream software supply chain is an emerging attack vector." Customers may choose to add smart devices that Red Clay Renovations has installed on their premises and pay for those services with a credit card. The vendors' devices and software then become part of the chain that handles that payment, and the customer's financial data must be protected from cybercriminals along the whole chain through the PCI DSS controls.
PCI DSS defines several merchant levels based on the number of transactions a company processes in a given year, and the level determines how compliance must be validated (a self-assessment questionnaire at the lower levels, an on-site assessment by a qualified assessor at the highest). Red Clay's business can be classified under one of the four merchant levels. For example, "Merchant Level two is any business that processes 1-million to 6-million Visa transactions per year regardless of the payment acceptance portal" (Keppler, 2019). Red Clay Renovations must further ensure that it aligns with the applicable legal and regulatory requirements in order to meet the needs of its stakeholders. The PCI compliance framework is the driving force behind effective security programs for the company and its stakeholders, and it is what keeps financial data and card transactions between Red Clay and its stakeholders confidential. PCI controls embedded in stakeholders' systems can also prevent attackers from using those systems as a path into the financial data of the parent company (Red Clay). Non-compliance, on the other hand, can expose a company to severe monetary penalties and to the loss of its reputation and its customers alike.
In closing, PCI DSS is a global standard that applies to every business that accepts payment cards. It sets forth security controls that companies like Red Clay Renovations must follow to protect the financial information of their customers and stakeholders. Red Clay accepts credit card payments from customers and stores financial data that needs to be protected. By implementing the twelve PCI DSS requirements, the company can greatly reduce the likelihood and impact of a breach or theft of customer data, although compliance is a baseline rather than a guarantee. Furthermore, the penalties for non-compliance, which the card brands enforce through the merchant's acquiring bank, can be as high as $100,000 a month, depending on the number of transactions processed.