From the Beginning
In today’s marketplace, accepting credit cards plays a crucial role in the survival of a business, especially if it wants to grow. When signing up with a processor for a merchant account, it might not always be clear what you are signing up for or what you are responsible for. Part of each party’s responsibility is protecting cardholder information from those whose goal is to steal it, abuse it, or otherwise use it fraudulently.
The ever-evolving world of technology provides new opportunities for criminals and hackers to steal credit card data in a matter of seconds. So how do you reduce credit card fraud? In recent years, there have been numerous advances in keeping cardholder information out of the wrong hands.
The Payment Card Industry Security Standards Council (PCI SSC), often termed simply “the Council”, is an open global forum. The Council was launched in 2006 to help develop, facilitate and manage the PCI Security Standards, which include the Data Security Standard (DSS), the Payment Application Data Security Standard (PA-DSS), and the PIN Transaction Security (PTS) Requirements.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations endorsed by all major credit card brands, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc., to help ensure the security of cardholder data. Compliance with the PCI DSS is required of all merchants and all payment channels, regardless of industry, business type, size of the business or number of transactions processed.
The PCI Data Security Standard consists of twelve basic requirements and corresponding sub-requirements that are grouped into six goals: Build and Maintain a Secure Network, Protect Cardholder Data, Maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and Maintain an Information Security Policy.
These regulatory standards require all entities handling cards and cardholder information, including all merchants, to maintain PCI compliance. PCI compliance includes things like removing full credit card numbers and expiration dates from receipts, completing self-assessment questionnaires, and running quarterly vulnerability scans to identify potential weaknesses. As the requirements for compliance continue to evolve, maintaining PCI compliance is not a one-time achievement, but rather an ongoing requirement.