If you take plastic, then PCI applies to you.
PCI Scope includes
If you store, process or transmit cardholder data
Any connected systems
When shredding, you must use cross-cut shredders
PCL doesn't care about signatures
You cannot use wireless or bluetooth keyboards
You cannot process email transactions
You cannot process voice recordings
Finance leads PCI in 60% of organizations, The remaining organizations use a team of Finance and IT
PCI is a "business issue" not an "IT issue"
Compliance is "black and white". Either you are compliant or you are not.
You can outsource processing, but not responsibility
The Attestation of Compliance (AOC) is usally signed by a C-level executive
You should only render services that you are fully qualified to do.
Local laws take precedence over PCI regulations
PCI Standards have a three year lifestyle before changes are put in place
No comments:
Post a Comment