Payment Card Industry Data Security Standard
Overview
The risks of identity theft, fraud and security breaches are on the rise, prompting consumers to demand greater reassurance that their credit card data is protected. In December 2005, industry leaders responded by introducing the Payment Card Industry Data Security Standard (PCI DSS). By adhering to PCI DSS, stakeholders can foster a more secure environment to process, store and transmit credit card data. On the flip side, failure to comply can result in fines, restrictions and even the loss of card acceptance privileges — not to mention a severely damaged reputation.
To ensure effective compliance, payment processors, service providers and merchants that process more than 20,000 e-commerce transactions and over one million regular transactions are required to engage a PCI-approved Qualified Security Assessor (QSA) to regularly review their information security procedures and scan their Internet points of presence. Deloitte can help you prepare for this assessment by assisting you to:
- Comply with the PCI Payment Application Best Practice (PABP) standard
- Remediate any identified security gaps or related control weaknesses
- Set clear business policies for employees regarding the processing of credit card data
- Maintain the confidentiality, integrity and authenticity of customer information
- Reduce the incidence of fraud, security breaches and identity theft
Other services
 |
Information & controls assurance Our information & controls assurance practitioners mitigate the risks associated with your internal systems, business processes, projects, applications, data and third-party reliance. |
 |
Capital markets and regulatory consulting With more complex risks today than ever before, we offer a wide range of solutions to help organizations meet the pressures of key stakeholders (boards of directors, audit committees, regulators) by enhancing their capital market and regulatory management framework. |
 |
Data risk services Our data risk services offer a proven methodology for identifying, analyzing and quantifying data risks. By enhancing data quality, data accuracy, data governance and data analytics, organizations can transform their data from a corporate liability to a corporate asset. |
 |
Governance & risk By benchmarking your governance practices against your peers, our governance solutions team can help you establish a competitive edge and gain the insights you need to align your executives’ expectations with your employees’ actions. |
 |
Internal audit & control solutions Using sophisticated diagnostic tools, we help organizations identify and prioritize business risks, create a common risk language of terms and definitions, determine appropriate risk management strategies and deploy enabling technology to better manage your risks. |
 |
Security, privacy & resiliency To enhance the security, privacy and resiliency of your organization, you need to work with trained professionals. Globally, we have over 1,100 Certified Information Systems Security Professionals (CISSP) and more than 2,000 Certified Information Systems Auditors (CISA) and Certified Information Security Managers (CISM). |
 |
Technology risk governance Our multi-functional professionals have a strong global presence and experience across virtually every industry. We can help you strengthen your IT governance practices and enhance the effectiveness and efficiency of your technology projects. |
 |
Deloitte Learning Academy Our established relationships with the Information Systems Audit and Control Association (ISACA); the Institute of Internal Auditors (IIA); the Institute of Corporate Directors (ICD); and the (ISC)² Security Transcends Technology enable us to prepare you for a wide range of certification programs. |
Featured insights
Questions? Need more information?
Related industries
Stay informed
Deloitte subscriptionsGo social
© Deloitte LLP and affiliated entities.
Ⓜ Official Mark of the Canadian Olympic Committee.
Audit, Consulting, Tax, Financial Advisory Professional Services