PCI Compliance


What is PCI Compliance?

PCI Compliance is maintaining adherence to the PCI DSS standard that was developed by major credit card companies as a “guideline to help prevent credit card fraud” ("PCI DSS"). Credit card fraud has taken the spotlight in the past several years due to the massive growth of e-commerce and online transaction processing. With the proliferation of e-businesses, it has become easier than ever to commit fraud over the internet.

Major credit card issuers such as MasterCard, Visa, American Express, Discover, and JCB International joined together to create a standard known as PCI DSS, or Payment Card Industry Data Security Standard. In order to process credit card payments, merchants and vendors are required to comply with the standard according to the Merchant Level of the organization. This standard was created in response to a dramatic rise in credit card data breaches at many high-profile organizations.

This standard defines a set of twelve requirements for compliance. To validate that a company is in compliance with the PCI Data Security Standard, large organizations are audited by external auditors that are PCI Qualified Security Assessors (QSAs). Smaller companies that process fewer than 80,000 transactions per year are allowed to complete a self-assessment questionnaire, which determines whether the merchant is in compliance.

Who owns the PCI Data Security Standard?

In June of 2005, these five major credit card issuers came together and founded the PCI Security Council. The main purpose of the PCI Security Council was to create, own, and manage the PCI Data Security Standard for credit card data. However, the PCI Security Council is not a policing organization and does not enforce PCI...

... middle of paper ...

...g merchant account is PCI DSS compliant? Is sensitive information being stored? How safe is your data?

Works Cited

"An Introduction to PCI Compliance." PCIComplianceGuide.org. 2008. PCI Compliance Guide.org. 17 Apr 2008.

McCarthy, Caroline. "T.J. Maxx parent company sued in credit card hack probe." CNET News. 21 Mar 2007. CNETNews.com. 17 Apr 2008.

"PCI DSS." Wikipedia. 5 Apr 2008. Wikipedia. 5 Apr 2008.

Vijayan, Jaikumar. "Minnesota becomes first state to make core PCI requirement a law." ComputerWorld.org. 23 May 2007. Computer World.org. 4 Apr 2008.
