The Payment Card Industry Data Security Standard (PCI DSS) is a guideline, or set of criteria, established by credit card issuers in 2004 to help organizations that accept credit cards prevent fraud and other security threats related to payment processing. The guideline represents alignment of credit card companies� previous individual policies on credit card security.
The PCI DSS applies to both merchants and merchant service providers involved with payment processing; in fact, any organization processing, storing or transmitting card data must be compliant with the PCI standard or risk losing its payment processing privileges. Non-compliance also means being audited and/or fined.
The PCI Security Standards Council, a consortium of credit card issuers�including Visa, MasterCard and American Express�oversees compliance with the standard, which stipulates 12 requirements in six categories: Build and Maintain a Secure Network, Protect Cardholder Data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and Maintain an Information Security Policy.
The PCI standard is periodically updated, with the next version (Version 1.2) set for release in October 2008. All merchants and merchant service providers must be in compliance with the new standard by that time. Details on the new standard have yet to be disclosed, but Version 1.2 is expected to eliminate some overlap in parts of the current standard.
Any organization accepting credit cards is responsible for staying informed about the latest requirements in the PCI DSS and for adjusting internal policies and practices, if necessary, to remain in compliance. At BCS Worldwide, we also must stay on top of new developments in the PCI standard so we can remain in compliance ourselves�and give you the best advice possible. We intend to do just that.
Questions about the PCI DSS, or preventing fraud in general?
One of our consultants would be happy to talk to you. Call us now at (800) 838-9699.