Clifton Gunderson
 


Clifton Gunderson
Technology Solutions

Maureen Bartels: Peoria
309-495-8711

John Bengs: Indianapolis
317-569-6110

Barry Galfield
630-368-3649

Allan Taylor
309-495-8812

 

July 2010

www.cliftoncpa.com

Action Required For Payment Card Industry Compliance

New payment card industry (PCI) regulations are in effect as of July 1, 2010. Sage ERP MAS 90 software has been updated for compliance and submitted for PCI/DSS certification. However, the standards cover more than your accounting software; they also apply to other areas of your business processes. If you process credit cards, there are questionnaires you are required to complete.

About PCI/DSS

The PCI Security Standards Council was created as a collaboration between major card brands (Visa, MasterCard, American Express, Discover and others) to prevent credit card fraud. The first PCI/DSS standards were set in 2004 and the first round of regulations was released in 2005. The current compliance document was published in October 2008, and requires all organizations that process credit cards to be in compliance as of July 2010.

Risks Of Non-Compliance

Of course, you can hope that you never experience a data breach. However, if you do at any time in the future and you have not gone through the steps to ensure that you comply with the standards, you could incur some major costs. Non-compliant organizations experiencing a data breach can expect to pay any and all of the following:

  • Investigation costs
  • Remediation costs
  • Non-compliance fines from each card
  • Card re-issuance costs ($20-30 per card)
  • Ongoing compliance audits
  • Victim notification costs

Becoming compliant with the standard is a good idea in any case. It helps provide your organization with protection against fraud, offers ideas for best practices in data security and is applicable to other audits and assessments. In completing your evaluation, you will better understand your systems and understand where data assets reside on your network.

The Compliance Questionnaire

You can check your compliance by completing the appropriate questionnaire and then submitting it to your acquirer as proof of compliance. An acquirer may be your financial institution or other payment processing provider. The questionnaire you need to complete depends on the number of credit card transactions you process and the method you use to process them. You can tackle this complex process on your own and find the questionnaires here.

An easier option is to get assistance from the experts. Sage has partnered with Trustwave to provide an inexpensive program for its Sage ERP MAS 90 and 200 customers. Trustwave is a leading provider of on-demand data security and payment card industry compliance management solutions to organizations throughout the world. The company can help you identify the correct questionnaire and explain how to answer the questions based on your organization’s situation. Click here to access this service.

Sage also has a webpage where they post updated information regarding PCI/DSS compliance. Please call us if you need assistance.


Please contact one of our Clifton Gunderson Technology Solutions professionals for all of your business technology needs.

The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, or tax advice or opinion provided by Clifton Gunderson LLP to the reader. The reader also is cautioned that this material may not be applicable to, or suitable for, the reader’s specific circumstances or needs, and may require consideration of non-tax and other tax factors if any action is to be contemplated. The reader should contact his or her Clifton Gunderson LLP or other tax professional prior to taking any action based upon this information. Clifton Gunderson LLP assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
