PCI DSS - penalty of not being compliant
by Umesh Hodeghatta Rao; Umesha Nayak; R. Gopalakrishnan
International Journal of Auditing Technology (IJAUDIT), Vol. 2, No. 1, 2014

Abstract: PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. To be PCI compliant, credit card merchants should respond to a series of requirements imposed by the credit card industry. The internal audit and information security teams should work together to achieve PCI compliance. The information security experts design and implement technologies to secure the resources. Continuous audit, both internal and external, provides feedback on the effectiveness of these technologies in protecting the information and provides suggestions for improvement. In this paper, we explain the importance of being PCI compliant and the consequences of not being PCI compliant through a real-life case study of an insurance company. We also describe the importance of internal auditing and why internal audits should be conducted periodically. The case also demonstrates the need for compliance and the issues around the payment card industry in terms of data security pertaining to cardholder data. The case further explains the costs associated with non-compliance and/or a breach of cardholder data, and the penalty that has to be paid to the member banks.

Online publication date: Thu, 28-Aug-2014
