Sponsored Advertising Content - Mandatory Security Reporting Intensifies for All Merchants

One million: a huge number. When asked how many credit card transactions they process each year, most merchants answer: “Less than 1 million.” Until Jan. 31, that excused you from mandatory security audit reporting to your bank.

However, now even the lowest-volume merchants must submit a PCI Self-Assessment Questionnaire (SAQ) and an Attestation of Compliance (AOC) signed by an officer of your company stating its accuracy. If you touch card data with your workstations—ever—that SAQ will be the draconian SAQ “D”—19,000-plus words asking over 500 intrusive, technical and operational questions, possibly requiring months to research.

The payment industry is moving toward more ponderous reporting from you. Be alert and diligent. The bank notices are on their way. This will intensify.

After 24 years in this niche, we see an unprecedented level of anxiety and activity at the card brands. The rules for securely handling credit cards are changing rapidly, and the simplicity of the past is being challenged. Integration with remote tokenization is part of the answer.

Ira Chandler
CTO, Curbstone Corporation

Ira authored the first commercial AS/400 credit card software in 1993. He and Curbstone focus on IBM i payment security.