Payment Card Industry Data Security Standard (PCI DSS)
What is PCI DSS compliance?
The Payment Card Industry Data Security Standard (PCI DSS) refers to payment security standards that ensure all sellers safely and securely accept, store, process, and transmit cardholder data (also known as your customers' credit card information) during a credit card transaction.
To whom does the PCI DSS apply?
The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.
What are the penalties for non-compliance?
The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine along until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees.
What is a vulnerability scan?
A vulnerability scan involves an automated tool that checks a merchant or service provider’s systems for vulnerabilities.
Do states have laws requiring data breach notifications to the affected parties?
Absolutely. All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.
My business located in New York State, what is NYS Information Security Breach and Notification Act?
The NYS Information Security Breach and Notification Act is comprised of section 208 of the State Technology Law and section 899-aa of the General Business Law.
State entities and Businesses or persons conducting business in New York who own or license computerized data which includes private information must disclose any breach of the data to New York residents whose private information was exposed.
What should I do if my business compromised?
If your business has discovered it’s been breached, please contact MJJT immediately by fill out the firm. We will response to you promptly.