On December 15, 2004, the Payment Card Industry Security Standards Council (PCI SSC) was formed and first released version 1.0 of the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI standards cover everything from the point of entry of card data into a system to how the data is processed through secure payment applications.
As one of the first companies to adopt the standard, Electronic Merchant Systems moved to become PCI Compliant right away. Not only that, due to strict enforcement of the guidelines and a passion to keep our merchants’ information safe and secure, EMS has remained PCI Compliant for each of the last 10 years. On Tuesday, all departments gathered on the 8th floor of EMS Headquarters to celebrate the decade-long achievement.
“The card brands united and created the combined PCI standard in December 2004,” Leslie Pochaukas, CIO of EMS, said. “I joined the company in July of ’04, and we were PCI compliant by early 2005.”
Despite changes in the standards over time, as businesses are forced to adapt to new technology and increased cyber risks, EMS has maintained the PCI benchmark ever since. It’s a process that looks simple from the outside, but requires a total team effort in order to achieve the consistency necessary to succeed.
“The standard has evolved from version 1.0 to 3.1, which is a lot more detailed,” Pochaukas said. “There are 12 requirements and they look pretty simple, but they translate into 220 items that we have to provide evidence for. So every year, during the January/February timeframe, our assessor comes on site and we have to provide evidence and demonstrate that we do what our policies/procedures say we do. That covers everything from protecting our environment, cardholder data, physical entry/exit, to patching, anti-virus updates, pre-hire and annual background checks, just to name a few.”
Over the course of 10 years, the people added to the EMS team have shared that passion for PCI security. That much is certainly evident in the decade-long accomplishment celebrated this week.
“Security and compliance requires everyone, and we’ve really made great strides to compensate for the increased threats over the years,” Pochaukas added. “We hold security awareness training programs, perform phishing attempts to make us stronger, and the team has just really pulled together. This includes the Information Services team and user community as well.”
To mark the 10-year milestone, the company celebrated with pizza, cake and a trivia contest this week. We also collectively signed the commemorative banner. EMS will continue to remain PCI compliant for the future in the spirit of keeping our customers safe.