The importance of PCI Compliance

Before the PCI DSS was established, the various card brands each ran their own security programmes to protect cardholder data and prevent identity theft, in response to the ongoing data compromises occurring at numerous levels of the payment chain.

In 2006, the five major card brands (Visa, MasterCard, American Express, Discover Card and JCB) decided to unify their policies and procedures under one universal standard, the Payment Card Industry Data Security Standard (PCI DSS). The PCI council governs the payment industry and ensures that all entities accepting, storing or transmitting credit card data adhere to the PCI DSS. The aim is to reduce the number of security breaches and protect the card brands.

PCI DSS can help organisations to:

• protect valuable customer information including payment card details
• protect against the loss of valuable business information and the cost associated with data compromise
• protect against the negative publicity associated with a data breach
• ensure continued customer confidence in the use of payment cards

How does an organisation attain PCI compliance?

An organisation can attain PCI compliance by conforming to the 12 security requirements set out in the PCI DSS. Depending on its merchant level, an organisation that is accepting, storing or transmitting card data can become PCI DSS compliant either by submitting a validated Self-Assessment Questionnaire (SAQ) or by undergoing an onsite assessment with a Qualified Security Assessor (QSA).

An organisation's merchant level depends on the volume of transactions it handles per annum. An organisation handling 6 million transactions or more must have an onsite assessment carried out each year by a QSA, as well as quarterly network scans.
An organisation handling 20,000 to 6 million transactions per year can instead complete an SAQ, but must also undergo quarterly scans of its external network in order to remain PCI compliant. Organisations handling fewer than 20,000 transactions per year must likewise complete an SAQ and undergo quarterly scans of their network.

If an organisation handling card data for one of the PCI council member brands falls victim to a security breach, it can incur a significant fine and be banned from handling future credit card payments for any of the five major card brands.

For further information on our PCI compliance services, please contact one of our Sales representatives by calling +353 (0)1 495 1300 or by completing our Online Enquiry Form or Request a Call Back Form.