Nahan Printing, Inc. Achieves 2020 PCI DSS Compliance and Certification

SAINT CLOUD, MN – MAY 14, 2020 – Nahan Printing, Inc., award-winning provider of commercial print, direct mail, and digital solutions, announced its achievement of Payment Card Industry Data Security Standard (PCI DSS) Compliance and Certification for 2020.

PCI DSS is an information security framework designed by the Payment Card Industry Security Standards Council (PCI SSC). PCI Compliance is for entities that transmit, process, or store credit card data. The standard guides organizations in protecting cardholder data by preventing fraud and securing Cardholder Data Environments (CDEs).


2020 marks the fifth year in a row that Nahan has earned the demanding certification. To meet compliance requirements, Nahan performed ongoing management and auditing of physical, technical, and administrative controls of their CDE throughout the year.


The successful audit resulted in Nahan’s Attestation of Compliance (AOC) for Service Providers. The AOC reviews Nahan’s compliance in detail by assessing the 12 main requirements of PCI DSS. Requirements include maintaining a vulnerability management program, implementing strong access control measures, maintaining information security policies, and more.

FRSecure LLC of Minnetonka, Minnesota, conducted Nahan’s PCI audit. As a PCI DSS Qualified Security Assessor (QSA), FRSecure provided the necessary expertise to evaluate and consult Nahan on their PCI DSS compliance.

“Achieving our PCI certification is one of the yearly milestones of Nahan’s ongoing Information Security Program,” stated Curt Tillotson, Nahan’s Chief Operating Officer.

“Our commitment to information security doesn’t stop with our PCI environment, either. It extends throughout our organization. Our customers not only appreciate this, they require it.”

– Curt Tillotson, Chief Operating Officer, Nahan Printing

About Nahan

Nahan Printing is a Minnesota-based, independent, family-owned, world class printer committed to providing end-to-end solutions that add value to clients. Since its inception in 1962, Nahan has specialized in catalog and direct mail printing for industries such as retail, financial services, non-profit, and hospitality. With a client roster of legendary brands, Nahan prints iconic work that represents the highest level of quality and innovation in the industry. For more information about Nahan, please visit https://www.nahan.com/.


What is Variable Data Printing? A Closer Look.

Author: Jon Legg, Data Processing Department Leader

In today’s data-driven marketing world, utilizing the power of your data can be the difference between a good marketing campaign and a great marketing campaign that produces a fantastic ROI. A question that we often get asked is “What is Variable Data Printing and how does it work?”

What is Variable Data Printing?

Variable Data Printing uses your customer’s data to change text, images, or other content from one piece of mail to the next. Instead of printing one form 100,000 times, you can print 100,000 highly individualized pieces. And when we say highly personalized, we are talking about more than just a salutation line that says “Dear John Doe.”

At Nahan we have done a wide range of projects that utilize variable data printing.  The following four specific examples show what highly personalized could look like to you.

  1. One project had hundreds of mall locations and for each record, we used a field in the data to variably pull the closest mall to the consumer, a logo for that mall, hours of operation, and a mall directory. 
  2. Another project required us to uniquely link over 400,000 photographs so that each record imaged the correct photograph. 
  3. A third project involved providing each recipient with a personalized map that showed their house on a map, the nearest store, and a highlighted route between the two.
  4. Lastly, another project showcased a piece that changed all of its content based on the consumer.  Family of four?  All content showed family-friendly activities and all images changed to photos of families.  Single?  The entire piece changed to show photos of adults with more of a focus on entertainment and nightlife.

Variable data printing can do all of this and more. 


As we like to say, “Where there is data, there is opportunity for customization.”

What Files Are Needed For a Variable Data Project?

At Nahan we can accept all types of files and work with you to get more out of your mail list.  Our preferred file format is a CSV file transmitted to our SFTP site.  We are also able to use API integrations to directly link with our customers to provide a more seamless transfer of data; both to Nahan and back to our customers.  This can include return files, reports, and much more.

How is Data Kept Safe?

In today’s digital landscape we can use data for just about anything, which makes that data extremely valuable. Sadly, the bad guys know that as well and are constantly looking to get their hands on data. But Nahan takes pride in keeping your data safe. We are PCI compliant and are equipped to work with HIPAA data. We have lots of hands-on experience with both. Beyond that, our data processing team is literally in a locked room that requires two different forms of authentication just to get in! Given all the effort that we put into data security, you can rest assured that not only will Nahan keep your data safe, but we will also put it to work for you!

Working Together on a Strategy

As a company, we are not afraid of pushing the boundaries of what can be done with data.  We are constantly using the newest technology and then working to perfect it.  We also have a data processing team that is equally unafraid of pushing limits and seeing how much we can do with a simple mail list.  Let’s work together and see what we can get your next mailing to do for you! Contact us to learn more.

Author: Jon Legg is a Department Leader at Nahan Printing and started with the company in 2015.  He currently oversees the Data Processing department as well as the PreMedia department.  This means that any files, whether art or data, all come through Jon’s teams.  When he isn’t at work Jon loves spending time with his wife and daughter, traveling (usually to Disney World), and working with our local theater company both on stage and as a Director. 

A Quick Intro to PCI DSS (Payment Card Industry Data Security Standard)

Author: Joseph Jachimiec, Security Administrator

With over 9,300 security breaches recorded since 2005, and a whopping 10.4 billion records estimated stolen (source: privacyrights.org), it’s essential for businesses to follow a reliable security framework to guide their information security programs.

One such framework is the Payment Card Industry Data Security Standard (PCI DSS).

In this post, we’ll take a quick look at how PCI DSS started. We’ll also define “cardholder data” and touch on the 12 requirements of the standard.

PCI DSS Overview and History

PCI DSS was introduced in 2004 by the five major credit card companies: American Express, Discover Financial Services, JCB, MasterCard, and Visa.

Before joining forces, each company had internal security programs to combat rampant credit card fraud and breaches. They formed the Payment Card Industry Security Standards Council (PCI SSC) to establish a common standard. Additionally, they needed to solve the interoperability problems of individual programs.

From this group, the PCI Data Security Standard was born. Its aim? To reduce credit card fraud and to give guidance for controls around cardholder data. To this day, the PCI Council acts as the governing body for the PCI Standard.

PCI DSS has been through many iterations since version 1.0 in 2004. Major updates to the standard were released in October 2010 (version 2.0) and November 2013 (version 3.0). At the time of this writing, version 3.2.1 is the most current, released in May 2018.

The PCI DSS applies to any entity that accepts, processes, stores, or transmits cardholder data, including merchants and service providers.

What is Cardholder Data?

In short, cardholder data (and sensitive authentication data) is the good stuff that thieves are after. Here’s a breakdown from the version 3.2.1 documentation:

Table image of PCI DSS cardholder data and sensitive authentication data
Source: Payment Card Industry (PCI) Data Security Standard – Requirements and Security Assessment Procedures, Version 3.2.1, May 2018, page 7

Interesting fact: although PCI DSS permits cardholder data storage, sensitive authentication data storage is not allowed, even if encrypted.

To show where this data lives on a typical credit card, take a look at this image from the PCI DSS Quick Reference Guide:

Image of credit card front and back showing types of data for PCI DSS
Source: PCI DSS Quick Reference Guide – Understanding the Payment Card Industry Data Security Standard version 3.2.1, page 11

The PCI DSS Requirements

The PCI Data Security Standard breaks down into 12 compliance requirements within six goals:

Table image of PCI DSS goals and requirements
Source: PCI DSS Quick Reference Guide – Understanding the Payment Card Industry Data Security Standard version 3.2.1, page 9

As you can see, each requirement is a significant security undertaking for any company. When met though, these requirements mirror security best practices, protect cardholder/sensitive authentication data, and lead toward PCI DSS compliance and certification.

The PCI DSS documentation lays out guidance steps for each requirement. It also unveils the testing procedures that the PCI Qualified Security Assessor (PCI QSA) performs to confirm the requirements are in place. Consider it your PCI cheat sheet!

Conclusion

At Nahan, PCI DSS is just one of the security frameworks that guide our information security program. We’re proud to be PCI Compliant and Certified since 2016. Our annual PCI QSA audit verifies that we’re meeting all PCI DSS requirements to protect cardholder data.

To learn more about our PCI DSS compliance and to see our Attestation of Compliance, contact us today.

Joseph Jachimiec is a security, IT, and marketing professional. As the Security Administrator at Nahan, he heads up our information security program and is the go-to guy for our customer/third-party security audits and PCI, SOC 2, and HIPAA compliance initiatives. In his spare time, he dreams about what it would be like to have more spare time.
