
Payment Card Industry - Data Security Standard [PCI DSS]

The time has come to comply...

History - PCI DSS was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments.

Merchants and Service Providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company. PCI DSS originally began as five different programs: Visa Card Information Security Program, MasterCard Site Data Protection, American Express Data Security Operating Policy, Discover Information and Compliance, and JCB Data Security Program.

Each company’s intentions were roughly similar: to create an additional level of protection to work in tandem with EMV (Europay, MasterCard, Visa) compliance for customers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.

On the 15th of December 2004, these companies aligned their individual policies and created the Payment Card Industry Data Security Standard. In September 2006, the PCI standard was updated to version 1.1 to provide clarification and minor revisions to version 1.0.

PCI is considered one of the more comprehensive data security standards in a cluster of regulations that have emerged over the past decade: Basel II, Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability Act (HIPAA), Sarbanes-Oxley Act of 2002, California State Bulletin 1386. PCI is regarded as being relatively more prescriptive than these other laws. PCI covers six overall areas and 12 requirements, each supported by lower-level requirements.

The PCI Security Standards Council Website