What is PCI-DSS?

Payment Card Industry Data Security Standard

PCI-DSS (sometimes shortened to PCI) stands for Payment Card Industry Data Security Standard.

The History of PCI-DSS

As the popularity of credit card use increased, card networks saw a need to enact security measures to protect consumer data. Before 2006, there were five separate network security programs, one per card brand.

  • Cardholder Information Security Program (Visa)
  • Site Data Protection (MasterCard)
  • Data Security Operating Policy (American Express)
  • Information Security and Compliance (Discover)
  • Data Security Program (Japan Credit Bureau)

Each of the five programs had a similar intent, so in 2006 the Payment Card Industry council was formed to consolidate them into a single set of rules. PCI-DSS was released, and this standard has been in place ever since.

PCI-DSS Goals and Objectives

PCI-DSS is a set of regulations, created to ensure all entities responsible for processing, storing or transmitting credit card information maintain a secure environment.

The Payment Card Industry has developed 12 compliance requirements, broken up into six control objectives.

Control objective: Build and maintain a secure network
  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters

Control objective: Protect cardholder data
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks

Control objective: Maintain a vulnerability management program
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications

Control objective: Implement strong access control measures
  7. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data

Control objective: Regularly monitor and test networks
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes

Control objective: Maintain an information security policy
  12. Maintain a policy that addresses information security for all personnel

A business that is PCI compliant agrees to adhere to these security requirements. These standards help protect sensitive personal information associated with credit card transactions.


PCI Compliance vs. Validation

PCI-DSS must be implemented by all entities that deal with cardholder data. However, not every entity is required to validate compliance. What entities must comply or validate?

Banking Institutions

Issuing banks must comply with PCI-DSS standards for securing cardholder data, but they are not required to go through validation.

Acquiring banks must comply with the standards, as well as validate their compliance with an audit.

Merchants

All merchants and service providers utilizing the Visa and MasterCard networks are required to comply with PCI-DSS.

There are different levels of compliance and validation required, depending on the volume of card transactions that are processed. PCI-DSS compliance is an ongoing process. As a business grows and expands, it will have different compliance requirements.

Level 1
  Merchant characteristics: Merchants who process more than 6 million Visa, MasterCard, or Discover transactions, or more than 2.5 million American Express transactions annually
  Compliance requirements: Annual onsite assessment conducted by a third-party vendor; quarterly scans

Level 2
  Merchant characteristics: Merchants who process between 1 and 6 million Visa, MasterCard, or Discover transactions, or between 50,000 and 2.5 million American Express transactions annually
  Compliance requirements: Annual self-assessment; quarterly scans

Level 3
  Merchant characteristics: Merchants who process between 20,000 and 1 million Visa, MasterCard, or Discover transactions, or fewer than 50,000 American Express transactions annually
  Compliance requirements: Annual self-assessment; quarterly scans

Level 4
  Merchant characteristics: Merchants who process fewer than 20,000 Visa, MasterCard, or Discover transactions annually
  Compliance requirements: Annual self-assessment; annual scans

Criticisms of PCI-DSS

The PCI-DSS is not without its critics. Opponents of the standards assert that they present unwieldy and burdensome requirements which are difficult and expensive to meet. Others insist that the standards are little more than a money-making scheme for the credit card associations, offering nothing more than a means to levy fines for implied infractions.

In contrast, PCI-DSS supporters maintain that the standards are a valid method of ensuring cardholder security, if only by making entities aware of the need for increased IT security.

The Future of Credit Card Security

With an increasing dependence on credit card networks, there will always be a need for cardholder security. Fraud and identity theft are expensive crimes for both the cardholder and the merchant.

Even with PCI-DSS compliance attempts, merchants are still susceptible to data breaches. As long as there are hackers actively engaged in separating consumers from their hard-earned money, there will continue to be a risk of credit card fraud, unauthorized transactions, and the resulting chargebacks.

If you’d like more information on incorporating chargeback management into data security solutions, let us know.


Oct 8, 2015 | Chargeback Terminology
