The Payment Card Industry Security Standards Council (PCI SSC) was formed September 7, 2006 by five of the most prestigious financial service institutions: Visa International, MasterCard Worldwide, JCB, Discover Financial Services, and American Express. The council manages the evolution of the security standard known as the PCI Data Security Standard (PCI DSS), against which businesses measure their own security policies, procedures, and guidelines.
The PCI DSS began as five separate programs: the VISA Cardholder Information Security Program, MasterCard Site Data Protection, the JCB Data Security Program, Discover Information Security and Compliance (DISC), and the American Express Security Operating Policy. The goal of these programs was to protect card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data.
If you are a merchant that accepts any payment cards, including but not limited to credit, debit, pre-paid, e-purse, ATM or POS cards, then you are required to be compliant with the PCI Data Security Standard. Your exact compliance requirements can be obtained from your payment brand or acquirer.
There are three steps, which together form an ongoing process, for adhering to the PCI DSS:
Identify cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data.
Fix the vulnerabilities, and do not store cardholder data unless you need it.
Compile and submit the required remediation validation records (if applicable), and submit compliance reports to the acquiring bank and the card brands you do business with.
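The first step (finding where cardholder data is actually stored) and the second (not keeping it, or keeping only a truncated form) are the parts of this process that an engineer can automate. The following scanner is an added example, not code from the original page or from the PCI SSC: it searches text such as logs, exports or config dumps for primary account number (PAN) candidates, rejects strings that fail the Luhn check digit, and shows the first-six/last-four truncation that PCI DSS allows for display. The sample input is constructed, and the two card numbers in it are well-known test numbers rather than real accounts.

```python
"""Added example (not from the original page): locate stored PANs in text,
validate candidates with the Luhn check, and truncate them for display."""
from __future__ import annotations

import re

# Candidate PANs: 13 to 19 digits, optionally separated by spaces or hyphens.
# The lookarounds stop the pattern from starting or ending inside a longer
# run of digits, so an account number is matched whole or not at all.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812-1)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the Luhn-valid PAN candidates found in text, as bare digits."""
    found = []
    for match in PAN_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        # Length is re-checked after stripping separators; the Luhn check
        # weeds out customer ids, phone numbers and similar digit runs.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def truncate_pan(pan: str) -> str:
    """Keep at most the first six and last four digits, masking the rest."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed sample: an application log line, an unrelated 13-digit id that
# should not be flagged, and a CSV backup row that leaked a card number.
SAMPLE = """\
2024-01-15 10:22:01 order=1234 card=4111 1111 1111 1111 amount=19.99
customer_id=9876543210123 phone=555-0100
backup.csv: 5555-5555-5555-4444,John Doe
"""


def scan_and_report(text: str) -> list[tuple[str, str]]:
    """Pair each discovered PAN with its truncated form for the report."""
    return [(pan, truncate_pan(pan)) for pan in find_pans(text)]


if __name__ == "__main__":
    for _pan, masked in scan_and_report(SAMPLE):
        # Only the truncated form is ever written out by the scanner itself.
        print(f"stored PAN found: {masked}")
```

Run against a real data set the scanner reports only truncated values, so the inventory it produces does not itself become another store of cardholder data. The 13-digit customer id in the sample fails the Luhn check and is correctly ignored; a scanner that relied on digit count alone would flag it.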
As of January 1, 2012, all assessments must be conducted against version 2.0 of the standard, which further clarifies the twelve requirements for compliance:
To learn more about PCI DSS Compliance: