About PCI
Payment Card Industry (PCI)

The PCI Security Standards Council (or PCI SSC) is an organization founded by the five major credit card companies (American Express, Discover, JCB, MasterCard and Visa) to standardize a common set of security practices relating to the processing and protection of payment card transaction data. Prior to this, each of the credit card companies had created its own independent set of standards, which caused confusion and added complexity to merchant business and security practices.

The PCI SSC created a set of standards called the Payment Card Industry Data Security Standard, or PCI DSS. These are the official security standards that every retailer processing credit card transactions must adhere to, and they are part of your merchant agreement. What this means is that if someone gains access to your customers’ credit card data and you are found to be out of compliance with PCI DSS, you are financially (and potentially criminally) liable.

The primary objective of PCI DSS is to reduce the risk of a data breach of cardholder information by creating a secure environment within your business operations. By following these standards, you not only satisfy the requirements of your acquiring bank, you also work to protect your customers’ information as well as your company’s brand and reputation.

When it comes to PCI DSS, there are only two grading outcomes: Compliant and Not Compliant. There is no credit for being “almost compliant”. In a PCI DSS audit, you either pass or fail each of the individual requirements, and you must then resolve every problem that resulted in a “fail” in order to achieve PCI compliance. NOTE: You must also continuously maintain full compliance, or you will lose your PCI compliance at the next audit.