PCI DSS
The Payment Card Industry Data Security Standard, also known as PCI DSS, is a set of guidelines developed and established through the collaborative efforts of Visa and MasterCard. It incorporates Visa’s preexisting Card Information Security Program (CISP). PCI DSS was created to prevent identity theft by protecting the information of credit card users. This is accomplished through a series of security controls and standards: required encryption, firewalls, and passwords; restricted access to protected data; and periodic risk assessments.
The standard applies to any establishment that processes, stores, or transmits credit card information, but is entirely voluntary. Compliance with the standard is, however, a prerequisite for any merchant, bank, or other establishment that wishes to take part in card programs. Whether such an establishment is compliant is determined through annual on-site security audits, quarterly system perimeter scan reports, and annual self-assessment questionnaires. Those found to be noncompliant may be liable for monetary penalties, may have their eligibility to participate in card programs revoked, or both.
For more information about this topic, please contact us at info@globalseci.com
