Explain why the company needs to address the PCI DSS requirements and describe
potential consequences if the company is not able to demonstrate compliance.
o Immediate Considerations for PCI DSS Compliance
Analyze factors (including those introduced in the scenario above) that will influence S&H
Aquariums’ immediate plans for PCI DSS compliance. Discuss payment brands (credit
card companies), transaction volumes, merchant levels (i.e., 1 through 4), and types of
reporting required in relation to S&H Aquariums’ business projections.
o Future Considerations for PCI DSS Compliance
Analyze contingencies that may influence PCI DSS compliance in the future. Address
potential questions from the board, including but not limited to:
  o What would be expected of the company if credit card volume increases past 1,000,000 transactions in future years?
  o What should S&H Aquariums do to demonstrate PCI DSS compliance if it begins to accept American Express or Discover?
  o How would opening a bricks-and-mortar store affect the company’s responsibilities for PCI DSS compliance?