What is revenue recognition?

Revenue recognition is an accounting principle that specifies how and when revenue is recognized. Because there are many possible points at which revenue can be recognized, analysts typically prefer that companies recognize revenue in a way that is consistent with industry standards to facilitate comparison of financial statements across companies. A company’s revenue recognition standard should also be consistent over time to make it easier to analyze trends in data, garner key takeaways to inform KPIs, and identify inconsistencies. 

What is the updated revenue recognition principle? 

Accounting Standards Codification (ASC) 606 was created in 2014 by the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB). This industry-neutral revenue recognition framework provides guidance to any business, public or private, that enters into contracts with customers to exchange goods or services. This updated set of standards makes it easier to compare financial statements of different businesses across industries.

There are five conditions businesses must meet to comply with the ASC 606 standard. First, they must identify the contract with the customer. Second, they must identify the contract’s performance obligations. Third, they must determine the transaction price of the exchanged goods or services. Fourth, they must allocate the transaction price of the exchanged goods or services. Fifth, once each performance obligation is met, revenue should be recognized.

What is PCI DSS compliance?

PCI compliance (payment card industry compliance) is adherence to a set of information security standards for businesses that have access to cardholder data. These standards are collectively referred to as the PCI DSS, or the Payment Card Industry Data Security Standard, which was established by the PCI Security Standards Council (PCI SSC). The PCI DSS was designed to increase controls and security surrounding credit card data to reduce credit card fraud. Any organization that handles credit card information—be it storing, accepting, processing, or transmitting that data—must be PCI compliant in its software and hosting. 

How do organizations protect cardholder data? 

In order to meet the standard, organizations must protect cardholder data and maintain a secure network, implementing firewalls at every internet connection. They must implement strong access control measures and restrict access to cardholder data on a need-to-know basis, monitoring who has access to network resources and cardholder data. They must test security systems, security processes, and networks on a regular schedule, and regularly update anti-virus software. They must also maintain a vulnerability management program and information security policy.