Why is it important, when you fill out your self-assessment questionnaire (SAQ), that you are actually compliant with the entire standard? Simple: should you be breached (and, in strange yet real circumstances, even when you haven’t been breached), you get audited. And should you be found non-compliant, any number of things can happen. It begins with the card brands, who will assess fines: fines for non-compliance, fines for failure to report a compromise (breach), still more fines for egregious violations, and the big no-no – storing full track data.
But the card brands don’t fine the merchants, so you’re okay, right? Wrong! The card brands fine the banks, who in turn fine the merchants, and can do so because of the contracts that allow you to accept credit cards in the first place. However, the initial fines aren’t the only scary part. Worse than the fines are the other costs involved (forensic investigation, lost revenue, distrust by your employees and customers), which have been covered in previous posts. Once you have been breached, audited and fined… you get to undergo an onsite audit by a QSA for future validation… that is, IF you are still able to process credit cards, since that privilege can be halted for non-compliance too.
So don’t just fill out a form and check some boxes; it could prove more costly than you realize. And it’s not SECURE. If you don’t know whether or not you are PCI compliant, call HALOCK and ask for help. You may very well be PCI compliant, and can breathe easy. If you’re not, HALOCK Security Labs can help you achieve – and maintain – PCI compliance.