Payment Card Industry Data Security Standard (PCI DSS)
Identity theft, fraud, and security breaches are issues faced by payment processors, merchants and service providers alike in today’s credit card processing environment. Consumers want reassurance that their credit card data is protected. The payment card industry is taking action to enhance security. Since December 31, 2005, most merchants, payment processors and service providers have been expected to comply with the Payment Card Industry Data Security Standard.
Maintained by the PCI Security Standards Council, an association of credit card companies, the Data Security Standard (DSS) aims to improve the security of payment card data. By adhering to the PCI DSS, all stakeholders can create a more secure environment to process, store and transmit credit card information. Companies that fail to comply could be subject to fines, restrictions or loss of card acceptance privileges, not to mention a severely damaged reputation.
To provide additional assurance, the PCI Security Standards Council has established a system for validating compliance with the DSS. Payment processors, service providers and merchants that process more than 20,000 e-commerce transactions and over 1 million regular transactions are required to engage a PCI-approved Qualified Security Assessor (QSA) to conduct a review of their information security procedures and scan their Internet points of presence on a regular basis.
Assessors confirm that a merchant or payment processor has met all the requirements for PCI compliance. There are numerous benefits to becoming PCI compliant. A successful PCI project can help set clear business policies for employees regarding the processing of credit card data, maintain the confidentiality, integrity and authenticity of customers’ information, and reduce the incidence of fraud, security breaches, and identity theft.
Deloitte helps organizations understand the extent to which they are PCI compliant in accordance with the PCI Payment Application Best Practice (PABP) standard, advising on the best solutions for remediation of any identified security gaps or other related control weaknesses. This service is typically delivered to organizations before they make contact with a QSA for formal accreditation.