Credit and debit card fraud is a major issue for everyone who buys online. Every time a card is used to pay for something online, over the phone or in a store, the card data is transmitted and used to authorize the payment, and anywhere that data is handled it can be stolen. Consumers want purchases to be secure and free from fraud; the Payment Card Industry Security Standards Council (PCI SSC) exists to define the security baseline that everyone handling card data is expected to meet.
Payment Card Industry Data Security Standard
The Payment Card Industry Security Standards Council (PCI SSC, www.pcisecuritystandards.org) is an independent body created in 2006 by the five major card brands (American Express, Discover, JCB, MasterCard and Visa) to develop and maintain the security standards that apply to payment card data worldwide. Enforcement remains with the individual brands and the acquiring banks; the Council itself publishes and maintains the standards. Its principal standard is the Payment Card Industry Data Security Standard (PCI DSS), a set of twelve security requirements for any organization that stores, processes or transmits cardholder data. PCI DSS was created to raise the security of cardholder data wherever it is handled and so reduce the risk of card fraud.
The Payment Card Industry Data Security Standard (PCI DSS) has twelve specific requirements for compliance. They are organized into six groups called "control objectives": build and maintain a secure network (requirements 1 and 2), protect cardholder data (3 and 4), maintain a vulnerability management program (5 and 6), implement strong access control measures (7, 8 and 9), regularly monitor and test networks (10 and 11), and maintain an information security policy (12). The wording below follows PCI DSS v3.x; v4.0 keeps the same twelve requirements but rewords and expands them.
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Requirement 3: Protect stored cardholder data (store only what is needed, and never store sensitive authentication data such as the full magnetic stripe, CAV2/CVC2/CVV2/CID or PIN after authorization)
- Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Requirement 5: Protect all systems against malware and regularly update anti-virus software
- Requirement 6: Develop and maintain secure systems and applications
- Requirement 7: Restrict access to cardholder data by business need to know
- Requirement 8: Identify and authenticate access to system components (a unique ID for each person with computer access)
- Requirement 9: Restrict physical access to cardholder data
- Requirement 10: Track and monitor all access to network resources and cardholder data
- Requirement 11: Regularly test security systems and processes
- Requirement 12: Maintain a policy that addresses information security for all personnel
PCI DSS applies to any organization that stores, processes or transmits cardholder data, or whose systems could affect the security of that data: merchants, payment processors, acquirers, issuers and service providers alike. A merchant that outsources hosting or payment processing to a third party is still responsible for its own compliance and must ensure the third party is itself PCI DSS compliant. The standard is accepted worldwide and is meant to protect credit, debit and prepaid card transactions against misuse of cardholder data. How compliance is validated depends on the merchant level, which the card brands define by annual transaction volume: the largest merchants undergo an annual on-site assessment by an independent Qualified Security Assessor (QSA) or a certified Internal Security Assessor (ISA), who produces a Report on Compliance (ROC), while merchants with lower transaction volumes complete a Self-Assessment Questionnaire (SAQ). In either case the result is submitted to the acquiring bank together with an Attestation of Compliance (AOC).
Increased security for peace of mind
Before PCI DSS existed, the five major card brands each ran their own security program to combat card fraud:
- Discover: Discover Information Security and Compliance (DISC)
- JCB: Data Security Program
- MasterCard: Site Data Protection (SDP)
- Visa: Cardholder Information Security Program (CISP)
- American Express: Data Security Operating Policy (DSOP)
Each of these programs was designed to protect the brand, its issuers and its cardholders by requiring merchants to meet minimum security standards whenever they swipe a card or handle card data. Because a merchant accepting several brands had to satisfy several overlapping rule sets, the brands aligned their programs into a single standard, PCI DSS 1.0, in 2004, and in 2006 formed the PCI SSC to maintain it. The brand programs still exist: they define merchant levels, set validation deadlines and impose fines for non-compliance, while PCI DSS supplies the common technical requirements. Compliance does not eliminate fraud, but it sets a consistent baseline that makes card data harder to steal wherever it is handled.