Compliance Requirements
Scenario
S&H Aquariums is a new online retailer that is about to begin selling aquariums and other items for
aquarium hobbyists. In recent months, many companies have been featured in the news because of
information security breaches that have exposed customers’ credit card data. S&H Aquariums’
management team is worried about the negative impact a potential breach could have on the company’s
reputation and business standing.
S&H Aquariums has hired you, an information systems security expert, to ensure that the company is
prepared to accept credit card payments for purchases made through the company’s Web site. To kick off
the planning phase, the board of directors would like you to write a report explaining what the company
will need to do to minimize risks to sensitive data and comply with applicable laws and regulations, as
well as industry standards.
In preparation, you sit down with the company’s president and discuss the following details:
o Per the company’s strategic plan, the company expects to have between 20,000 and 1,000,000 credit card transactions during the first year of operations. However, the board would like to know what differences to anticipate as the volume of credit card transactions grows in the coming years.
o The company will initially accept payments made with MasterCard and Visa only, but it may decide to accept other credit cards in the future.
o The board of directors is discussing the possibility of opening a bricks-and-mortar store in the future, and the board would like to consider any compliance-related issues prior to making that decision.
o The board consists of professionals from a variety of fields. It is unlikely that any of the board members are familiar with complex information security concepts or with PCI DSS, the set of requirements that prescribes operational and technical controls to protect cardholder data.
Tasks
Review the information related to PCI DSS compliance provided in the course textbook and in the
Internet resources listed for this project. Consider how this information relates to the description
of S&H Aquariums provided in the scenario above.
Write a report for S&H Aquariums’ board of directors. Include the following:
o Introduction
o PCI DSS Overview
Include a discussion of the six principles, twelve primary requirements, and the sub-requirements of PCI DSS.
o Rationale
Explain why the company needs to address the PCI DSS requirements and describe potential consequences if the company is not able to demonstrate compliance.
o Immediate Considerations for PCI DSS Compliance
Analyze factors (including those introduced in the scenario above) that will influence S&H Aquariums’ immediate plans for PCI DSS compliance. Discuss payment brands (credit card companies), transaction volumes, merchant levels, and types of reporting required in relation to S&H Aquariums’ business projections.
o Future Considerations for PCI DSS Compliance
Analyze contingencies that may influence PCI DSS compliance in the future.
Address potential questions from the board, including but not limited to:
What would be expected of the company if credit card volume increases past 1,000,000 transactions in future years?
What should S&H Aquariums do to demonstrate PCI DSS compliance if it begins to accept American Express or Discover?
How would opening a bricks-and-mortar store affect the company’s responsibilities for PCI DSS compliance?
o Conclusion
As a reminder, you may use the textbook for this course and the Internet to conduct research. You are
encouraged to respond creatively, but you must cite credible sources to support your work.
Submission Requirements
Format: Microsoft Word
Font: Arial, 12-point, double-space
Citation Style: Follow your school’s preferred style guide
Length: 2–3 pages