Payment Card Industry Data Security Standard
PCI DSS is a set of comprehensive requirements for enhancing payment account data security. These requirements were developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
This security standard includes requirements for security management, policies, procedures, network architecture, software design and critical protective measures. PCI DSS is intended to help organizations proactively protect customer account data.
Who needs to follow PCI DSS?
Everybody
PCI DSS affects anyone who actively handles payment card information such as card number, CVV2/CVC2/CID, cardholder's name, Expiration date, full magnetic stripe data, PIN data, and etc. Payment card processors, banks, cardholders, merchant service providers, and merchants are few examples of those affected by PCI DSS.
In other words, MERCHANTS who accept payment cards as payment must comply with PCI DSS.
Mandated by PCI Security Standards Council to protect sensitive information
- Protection from security breaches internally
- Protection from attacks by hackers/intruders
-
Liability for non compliance
-
Financial liability
- Fines/penalties imposed by card associations
- Fees assessed by processing companies
- Fraud
- Chargeback
-
Legal liability
- Civil lawsuits
- Criminal lawsuits
What are some misconceptions on security?
Many organizations believe that security breaches will never happen to them or that they have "enough" security
The truth is that there is no such thing as 100% security. As technology evolves, so do hackers. Staying in front of these threats is the only way to help prevent breaches in the future.
- Even those who had PCI Certification and met the 12 requirements on minimum security level were breached by hackers.
The purpose of PCI DSS is not to prevent security breaches, but to make organizations aware of these threats and help them be proactive in protecting customer account data.
Instead of being reactive to breaches, become proactive to prevent these breaches occurring in the first place. Doing research about PCI can help significantly in finding ways to protect customer information.
Big or small, all organizations must realize the importance of security and the goal of PCI DSS in the payment card industry.
Take the first step: PCI Compliance -
http://www.ezpcisaq.com