The PCI DSS is a comprehensive set of requirements for enhancing cardholder data security around the storage and handling of customer credit card information/data.
Developed by the founding payment brands MasterCard Worldwide, Visa International, American Express, Discover Financial Services and JCB. The standard was developed to help facilitate the broad adoption of consistent data security measures on a global basis. The five founding members jointly formed an independent regulatory organisation called the PCI Security Standards Council (PCI SSC) to promulgate the Standard. The PCI DSS reflects an agreed position on the combination of each of the credit card brands’ security standards.
Any merchant, acquirer and issuer bank, and service provider that processes, stores or transmits credit or debit card data, and any connected party to them.
If you answered yes to any of the above questions PCI DSS applies to you.
Credit card fraud and identity theft are rampant across the globe and affecting millions of consumers and businesses everyday. The media is filled with stories of credit card information breaches and payment card industry have determined a need for a concerted and comprehensive response. The development of the PCI DSS is a critical step in this direction. The standard continues to be strengthened and refined through the joint efforts of PCI SSC, the credit card brands, acquirers and covered parties alike.
However as with all compliance regimes, it is imperative that sufficient robust discussion occurs for business reasons for compliance to be well understood.
Also known as merchant bank. Is the bank that is the initial point of merchant transactions.
ASV (Approved Scanning Vendors)
Performs quarterly external network scans.
Visa, MasterCard, American Express, Discover and JCB. They provide authorisation and clearing/settlement services, establish operating rules and regulations, and issue cards and acquire transaction through third parties.
The customer, the consumer, the person that uses the card.
Specific steps required to verify and show evidence of any entity’s status with regard to compliance.
Is the bank that issues the credit card used in the particular transaction.
Any entity that sells goods or services involving any credit card transactions.
QSA (Qualified Security Assessors)
Provides support and guidance on the compliance process. Defines the scope and advises on readiness for audit. Conducts comprehensive PCI DSS assessments. Evaluate compensating controls. Produces compliance reporting.
SAQ (Self Assessment Questionnaire)
Required document to be completed by all entities below level 1 to validate compliance.
Business entity directly involved in the processing, storage, transmission, and switching of transaction data or cardholder data. Provides services to merchants, services providers or other parties that impact the security of cardholder data.