What is PCI DSS Compliance?
PCI DSS compliance is achieved by following the Payment Card Industry Data Security Standards, often called PCI for short. The standards are a set of technical and operational requirements to protect cardholder information. Essentially PCI DSS are the rules of engagement for processing payments. PCI aims to ensure that all entities accepting, storing, processing, or transmitting card information maintain a secure environment.
Payment Application Data Security Standard (PA-DSS)
To whom does PCI apply?
PCI DSS applies to ALL organizations or merchants that accept, transmit or store any cardholder data. Find out who needs PCI compliance and exactly what that means for you. Read More »
Who makes the rules?
The Payment Card Industry Security Standards Council (PCI SSC) administers PCI. The Council maintains, evolves and promotes the PCI set of standards. It was founded by the major payment brands American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. Those card brands enforce the standards, not the Council.
Why does PCI DSS compliance matter?
According to PrivacyRights.org, more than 868 million records with sensitive information have been breached between January 2005 and June 2014. Not only does credit card fraud cause a major headache for the cardholder, it can ruin a merchant’s reputation and potentially its sales.
A data breach could also come with other baggage including:
- Fraud losses
- Cost of reissuing new payment cards
- Legal costs
- Fines and penalties
- Brand degradation
- Higher costs for future PCI assessments
- Employee turnover
- Lower consumer confidence
Each data breach or fraudulent activity affects the entire transaction ecosystem. That ecosystem includes cardholders, merchants, devices, software, processors, networks, and banks, among others. If a bad guy infiltrates any point in the ecosystem, everyone suffers the consequences. PCI DSS Compliance matters because we all must do our part to prevent and detect credit card fraud.
Consequences and Rewards
- Maintaining PCI DSS compliance is good business. It protects you and your customers from the bad guys.
- If you don’t follow the standards, you are increasing the chances of a data breach and can be fined.
- If you do follow them on a regular basis, your risk of suffering a data breach will be much lower. And your good PCI karma will be much higher if you believe in that sort of thing.