VIS Capital Consulting Firm
image Follow Us:

PCI/DSS Compliance

Payment Card Industry Data Security Standard.

Logo

    PCI Security Standards

  • The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

  • Five different programs: Visa's Cardholder Information Security Program, MasterCard's Site Data Protection, American Express' Data Security Operating Policy, Discover's Information Security and Compliance, and the JCB's Data Security Program were started by card companies. The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.
  • The Payment Card Industry Security Standards Council (PCI SSC) was then formed and these companies aligned their individual policies to create the PCI DSS.