Understanding PCI DSS
What is PCI DSS?
Payment Card Industry Data Security Standards (PCI-DSS) is a set of security standards developed by the major card brands (Visa®, MasterCard®, Discover®, American Express® and others) to help protect sensitive cardholder data. As a merchant who accepts credit cards, you are required to protect your customers’ data and follow the PCI-DSS standards to safeguard against the threat of a data breach.
Why does it exist?
The PCI-DSS requirements are designed to protect cardholder data from a data breach. A data breach can result in thousands of dollars in fines from banks and card brands that are looking to recoup losses suffered when payment cards are used fraudulently. When cards are used fraudulently, cardholders are typically not held responsible for the fraudulent transactions, so the banks and card brands seek to recover some of those losses. There are often additional costs related to forensic investigations and card replacement.
From the perspective of the business owner, a publicized data breach can also cost the business long-term intangible value in the form of deteriorated trust and a tarnished reputation among customers, resulting in lost future sales.
Who owns PCI?
The PCI Security Standards Council (PCI-SSC) is an open global forum that develops, maintains, and manages the PCI-DSS. The PCI-SSC’s aim is to protect and educate industry players such as merchants, processors, software developers, financial institutions, and other organizations that store, process, and transmit cardholder data.
When does PCI DSS get updated?
The PCI SSC systematically reviews its rules and regulations to address ever-evolving security concerns, and releases a new set of standards every three years. Starting on January 1, 2015, the standards will transition from the 2.0 cycle to the 3.0 cycle. The new standards in PCI 3.0 have been released early so that merchants, dealers, and developers have time to review them and complete any necessary remediation before 3.0 goes into effect.
Where does PCI DSS apply?
PCI DSS is a global initiative. The security standards apply worldwide, anywhere that payment cards are stored, processed or transmitted. If you process credit cards at your merchant location, PCI DSS applies to your business.
How should you approach PCI DSS?
Because compliance is required, you should learn about PCI DSS and consider using a self-service PCI DSS program. Many payment processors, like Vantiv, offer services that can help you comply with PCI DSS. Vantiv offers the tools to achieve and maintain compliance quickly and easily through our Merchant SecureAssist® solution, offered in collaboration with the compliance and data security experts at Trustwave®.