Authors: Umesh Hodeghatta Rao; Umesha Nayak; R. Gopalakrishnan
Addresses: Xavier Institute of Management, Chandrashekarpur, Bhubaneswar, India; MUSA Software Engineering Pvt. Ltd., J.P. Nagar, 2nd Phase, Bangalore, India; Cognizant Technology Solutions, #5/535, Old Mahabalipuram Road, Okkiyam Thuraipakkam, Chennai, Tamil Nadu 600096, India
Abstract: PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. To be PCI compliant, credit card merchants must meet a series of requirements imposed by the credit card industry. The internal audit and information security teams should work together to achieve PCI compliance. The information security experts design and implement technologies to secure the resources. Continuous audit, both internal and external, provides feedback on how effectively these technologies protect the information and offers suggestions for improvement. In this paper, we explain the importance of being PCI compliant and the consequences of not being PCI compliant through a real-life case study of an insurance company. We also describe the importance of internal auditing and why internal audits should be conducted periodically. The case also demonstrates the need for compliance and the issues around the payment card industry in terms of data security pertaining to cardholder data. The case further explains the costs associated with non-compliance and/or a breach of cardholder data, including the penalty that has to be paid to the member banks.
Keywords: PCI standard; PCI compliance; information security; payment card industry; data protection; credit card industry; credit cards; insurance industry; internal auditing.
International Journal of Auditing Technology, 2014 Vol.2 No.1, pp.37 - 46
Available online: 15 Aug 2014