All about PCI Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements intended to ensure that every company that processes, stores, or transmits payment card data maintains a secure environment. The standard is administered by the PCI Security Standards Council (PCI SSC), an independent body formed on September 7, 2006, by Visa, MasterCard, American Express, Discover, and JCB to manage the PCI security standards and improve account security throughout the transaction process. The PCI SSC publishes and maintains the standard but does not enforce it: compliance is enforced by the individual payment brands and by acquiring banks, which define the compliance programs, validation requirements, and any penalties that apply to the merchants and service providers they work with.
AN OVERVIEW OF PCI SSC DATA SECURITY STANDARDS
To strengthen payment card data security, the PCI Security Standards Council (SSC) publishes comprehensive standards and supporting materials, including specification frameworks, tools, measurements, and support resources, to help organizations keep cardholder data secure at all times. The PCI DSS is the cornerstone of the council's work: it provides the framework for building a complete payment card data security program that covers prevention, detection, and appropriate response to security incidents.
Tools and Resources Available from PCI SSC:
- Self-Assessment Questionnaires (SAQs) to help merchants and service providers that are eligible to self-assess, rather than undergo an on-site assessment, validate their PCI DSS compliance.
- PIN Transaction Security (PTS) requirements for device vendors and manufacturers, and a list of approved PIN transaction devices.
- Payment Application Data Security Standard (PA-DSS) and a list of Validated Payment Applications to help software vendors and others develop secure payment applications. (Note: the PCI SSC retired the PA-DSS program in October 2022; its successor is the PCI Software Security Framework, made up of the Secure Software Standard and the Secure Software Lifecycle Standard.)
- Public resources:
  - Lists of Qualified Security Assessors (QSAs)
  - Lists of Payment Application Qualified Security Assessors (PA-QSAs)
  - Lists of Approved Scanning Vendors (ASVs)
  - The Internal Security Assessor (ISA) education program