
Becoming PCI compliant can be a tall order for any organization, but it can be especially tricky when there is a single person responsible for PCI compliance. Payment Card Industry security standards are strict and may vary depending on the size of the company, number and type of transactions involved, and other factors. Staying on top of all the requirements, which continue to evolve, is not an insignificant task for one person.

While no one person should take total ownership or have complete responsibility for PCI compliance, this often becomes the case in smaller organizations. Additionally, we see that responsibilities get heaped on IT’s plate, even though, as a business requirement, senior management should help drive compliance.

The most important thing anyone in this situation can do is be a champion of PCI compliance. While they alone may be responsible for adhering to the regulations and requirements, it can be beneficial to get buy-in from other key people within the organization. These people can provide support to the cause by taking ownership of their own slice of the pie and chipping in to ensure the entire organization remains compliant from end-to-end.

Here are some things that “solo practitioners” of PCI compliance can do to keep an organization secure:

1. Keep Everyone Trained on PCI Compliance Requirements

It may seem trite, but ignorance is not bliss when it comes to PCI DSS compliance. The reality is that PCI compliance is the responsibility of every employee, from top management executives down to the cleaning staff. Everyone should receive training on how to handle and safeguard PCI data. If an administrative assistant sees another employee doing something wrong, that assistant should have the training to understand why that employee's action is wrong and should know the next steps for reporting and incident response, if necessary. Documenting and enforcing policies will require an organization-wide effort.

2. Get Support From IT

You will need the support of your IT department to make any effective headway with PCI compliance. For bigger companies, this may branch out to a security team and an internal audit team. These are the people and teams who would be involved with reviews, audits, filling out SAQs, and arranging for quarterly scans. IT will need to be heavily involved with the implementation and enforcement of PCI requirements and guidelines, which can be very technical.

For some larger organizations, it may make sense to hire a Qualified Security Assessor (QSA). QSAs are organizations that have been qualified by the PCI Security Standards Council to verify an organization's adherence to PCI DSS.

3. Get Buy-in From Senior Management

The C-level executives of an organization are most likely going to be concerned about the potential damage to their brand, perhaps more so than the potential fines from the PCI SSC. This knowledge can be leveraged to garner support for internal initiatives such as training, or to bring on outside help from vendors or through technology.

4. Work With a Seasoned Compliance Vendor

At times, too much responsibility gets heaped onto one person within an organization. That person may find it extremely difficult to hold the attention of other stakeholders whose input is needed for PCI compliance. Without an internal support system, the best bet may be to work with a seasoned compliance vendor who can take some of the responsibility off this person's plate, ease the burden of compliance, and perhaps reduce compliance scope.

Arrow Payments has a successful track record of working with organizations of all sizes to reduce PCI scope and keep payment card data protected. Contact us today for a free consultation. 
