Jordan’s Furniture – PCI DSS Compliance for a Unique Environment
Jordan’s Furniture is one of the largest furniture retailers in the greater Northeast area. In addition to furniture, Jordan’s has become known for their on-site entertainment facilities. While collecting payments for a wide range of products and services, Jordan’s recognized the importance of Payment Card Industry Data Security Standard (PCI DSS) compliance.
Challenge
Jordan’s engaged Wolf’s PCI experts, aware that they needed a PCI DSS certification for compliance and third-party relationships. However, Jordan’s needed assistance determining which scope and set of PCI-specific controls they must align with their unique environment. Additionally, Jordan’s needed to understand exactly what must be done to maintain PCI DSS compliance, including:
- Understanding the necessary artifacts to show that controls were in place and operating effectively throughout a specific time period.
- Determining what internal policies and procedures needed to be developed.
Solution
Wolf’s Qualified Security Assessor (QSA) created a detailed narrative of each PCI DSS requirement grouping and worked with management to determine whether each group of PCI DSS requirements applied to the Jordan’s environment. This process included in-depth discussions with management and evidence on why each control grouping did or did not apply. Once the appropriate scope was validated, Wolf’s QSA was able to confirm through a gap assessment – interviewing control owners and inspecting evidence – that Jordan’s was ready and able to comply with all relevant PCI DSS requirements.
“Wolf was able to assist us with mapping our various payment channels to confirm our CDE and simplify our ongoing compliance efforts.”
Ethan Peterson
Information Security Manager
Jordan’s Furniture