If your business processes, stores, or houses credit, debit, or gift card data, then it likely must comply with the Payment Card Industry-Data Security Standard (PCI-DSS), which contains 12 requirements. They are listed here.
Often businesses incorrectly assume the PCI-DSS only pertains to the processing of payment cards via a computer but this is not the case. It is applicable in all types of commerce involving Card Holder Data (CHD).
To be clear, CHD includes the following information: the Primary Account Number, Card Holder Name, Expiration Date and Service Code.
While processing payment card transactions, if an employee writes down CHD on paper then transmits CHD via email, text message or voicemail, your business must properly secure your expanded CHD environment in order to comply with PCI-DSS.
If you have questions regarding your CHD Environment, HBK can perform a gap analysis to identify any shortfalls that your business may have relating to the PCI-DSS requirements.
HBK can assist you with cyber security topics or questions. Please contact Matt Schiavone at email@example.com, Bill Heaven at firstname.lastname@example.org, or Steve Franckhauser at email@example.com for assistance.