Resources


PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI) is a standard across the major global card brands (Visa, MasterCard, American Express, Discover and JCB) to address cardholder account security. PCI was developed to safeguard the personal information of cardholders while it is in the possession or use of merchants, payment processors and other entities that store, process, or transmit payment card information.

Understanding the basics of PCI, defining your merchant level, and understanding validation requirements are critical.  Failure to adhere to these requirements may result in significant fines for merchants and potential cancellation of your merchant accounts by the payment brands. 

The Basics of PCI 

PCI is a series of security requirements for all companies that handle cardholder information. The following is a high-level list of some of the current PCI "Control Objectives":

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Encrypt transmissions of cardholder data and sensitive information across public networks 
  3. Use and regularly update anti-virus software on systems subject to attack
  4. Restrict access to data on a need-to-know basis 
  5. Track and monitor all access to network resources and cardholder data

Merchants may be subject to potential fines from the card brands of up to $500,000 per incident if compromised and not PCI-compliant at the time of breach. 

For more detailed information on the PCI Data Security Standard, download our eBook or visit: http://www.litle.com/resources/pci-other-compliance