A typical credit union downloads its report bundles daily from its processors. Usually the only option is to store those highly sensitive PCI report bundles on a network drive, with some level of appropriate user access controls. The reports contain 16-digit card numbers, transaction-level details, and PII of credit union members. However, the network drive is not in a PCI-compliant environment. Does this sound familiar? More importantly, do you know where your processor reports are being stored?
More and more boards of directors and auditors are getting involved in this area of security and asking pertinent questions about how information is stored. Even if you do not believe that a data breach is a possibility (which is a false sense of security), this is still not the proper way to store and secure your reports.