THE CHALLENGE
With the increase in payment card data breaches in recent years, protection of cardholder data is top of mind for organizations and customers alike. To protect this data, the payment card brands established the Payment Card Industry Data Security Standard (PCI DSS), a set of security requirements that applies to every organization that accepts, processes, stores, or transmits cardholder data. It is an industry standard rather than a law, but non-compliance can still result in substantial fines from the card brands and acquiring banks, and in a tarnished reputation.
A large healthcare system was notified that it was now required to validate compliance as a single entity, rather than as separate small business units (individual gift shops, parking garages, pharmacies, etc.). Because a merchant's level, and with it the validation and reporting requirements, is based on annual card transaction volume, combining the units' volumes into one count raised the organization's reporting obligations.
The healthcare system was given only a year and a half to become compliant at the new level, and with a single employee handling the effort, additional support was needed. Through existing relationships, the client learned of Sendero's experience with PCI compliance and requested assistance.
OUR APPROACH
Sendero worked with the existing PCI Lead to perform a current-state assessment and remediate the gaps it uncovered.
This assessment included:
- Interviewing the 22 managers of the entities accepting card payments, including gift shops, retail pharmacies, and parking garages, to understand their current processes and policies
- Evaluating the 11 third-party payment applications used to capture payment information across the different lines of business
After gathering the current-state information, the findings were compared against the PCI DSS requirements to identify the gaps needing remediation.