PCI DSS implementation guidelines for small and medium enterprises using COBIT based implementation approach

  • Author(s) / Creator(s)
  • Abstract
    PCI DSS is a data security standard for companies that process, transmit, or store cardholder data, intended to protect that data against theft and fraud. Companies must comply with the PCI DSS requirements to maintain a secure environment when accepting or processing credit or debit cards. The main benefits of PCI DSS implementation are protecting cardholder data, preventing data breaches, and building customer trust. Organizations find implementing PCI DSS a time-consuming and costly process, and Small and Medium Enterprises (SMEs) lack resources in comparison to large organizations. Non-compliance can result in heavy fines and penalties and in loss of customers and reputation, potentially forcing the business to close. Non-compliance also leaves critical information without adequate security measures and data protection. This paper identifies the challenges SMEs face in implementing and complying with PCI DSS as a data security standard. Based on the identified challenges, it proposes PCI DSS implementation guidelines for SMEs using the COBIT-based implementation approach. The guidelines are organised along the seven phases of the COBIT 2019 implementation guide.

  • Date created
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
  • License
    Attribution-NonCommercial 4.0 International