Fall 2006 issue of Horizons
Compliance with Standard
Every company processing credit card transactions should comply with the provisions of the Payment Card Industry Data Security Standard and document validation of their compliance. Required level of validation is based on the volume of transactions and potential risk.
RubinBrown Can Help You
Our Internal Audit Services Group can assist you with your compliance efforts. We can provide project management services and assistance with documenting your information security policy. We also can facilitate completion of the self-assessment questionnaire with our Web-based survey. This survey can be distributed to multiple sites, is easily accessible from processing sites, and will show the project status at all times. RubinBrown consultants will help you design remediation plans for any areas of non-compliance. If your company has more than 6 million transactions per year, RubinBrown can help you identify a Qualified Data Security Company.
Compliance and validation requirements are summarized as follows:

| Transaction Level | Comply with Data Security Standards | On-site Security Audit | Self Assessment Questionnaire | Network Scan |
| --- | --- | --- | --- | --- |
| Transactions > 6 million per year | Required | Required Annually (1) | | Required Quarterly (2) |
| Processing 150,000 - 6 million transactions per year | Required | | Required Annually | Required Quarterly |
| Processing 20,000 - 150,000 transactions per year | Required | | Required Annually | Required Quarterly |
| All other companies processing credit card transactions | Required | | Recommended Annually | Recommended Annually |

(1) Audit must be performed by a Qualified Data Security Company.
(2) Scan must be performed by an approved scanning vendor.

Questions? Contact Jim Mather, CPA, Partner-in-Charge, Hospitality Services Group, 314-290-3470, jim.mather@rubinbrown.com or Cathy Behnen, CPA, CIA, Partner, Internal Audit Services Group, 314-290-3204, cathy.behnen@rubinbrown.com
42 • summer 2006 issue