PCI DSS
Payment Card Industry Data Security Standard - PCI DSS
Credit and debit cards have become a common form of payment around the globe, used to purchase trillions of dollars in goods and services each year. Unfortunately, major breaches of card data continue to occur, exposing the risks inherent in their use. Meanwhile, breached vendors - from retailers, to payment processors, to financial institutions - must deal with the massive brand damage, sanctions and legal costs that are associated with a major breach of cardholder data.
The Payment Card Industry (PCI) Data Security Standard (DSS) was developed in response to acquirers, merchants, and service providers' feedback regarding the need for stronger information security to combat fraud, data breaches, and other threats to cardholder data. The Payment Card Industry in conjunction with Visa and MasterCard collaborated and released common industry security requirements in January of 2005 to facilitate the global adoption of consistent data security measures.
Globally accepted across the payment industry, PCI ensures that compliance with the following specific, mandated, card scheme programs are met:
• American Express Data Security Operating Policy (DSOP)
• Discover Information Security and Compliance (DISC)
• MasterCard Site Data Protection (SDP) Security Certification
• Visa Account Information Security (AIS)
• Visa Cardholder Information Security Program (CISP)
The purpose of PCI is to protect cardholder information, reduce debit and credit card fraud, and identify security issues that could lead to the compromise of cardholder information by imposing strict security standards on how cardholder data is handled and stored. PCI requires that those businesses that process, store, or transmit cardholder account and/or transaction information adhere to its requirements. This includes all members, merchants, retailers, and payment service providers. Failure to comply with PCI and any subsequent breach of card data within a merchant's site may result in substantial fines of up to $500,000 and, potentially, the inability to accept card payments.