The Payment Card Industry Data Security Standard (PCI DSS) is a global data security standard maintained by the PCI Security Standards Council (PCI SSC). It was created to help companies protect cardholder data from being compromised and to help prevent payment card fraud. The standard applies to every organization, regardless of size or transaction volume, that accepts, stores, processes, or transmits cardholder data.
Both law and industry rules have moved in recent years to protect cardholder data from compromise and fraudulent use. In 2003 the Fair and Accurate Credit Transactions Act (FACTA) was enacted to help consumers detect fraud and to limit how much card data may be printed on a receipt (no more than the last five digits of the card number, and no expiration date). With PCI DSS, first published at the end of 2004 and in force from 2005, the rules for card processing changed for good.
The card industry takes the protection of card data seriously: all parties are required to follow these guidelines, all card and PIN transactions must use Triple DES PIN encryption (single DES is no longer acceptable), and standards and requirements for the safekeeping of cardholder data have been established.
These standards are industry rules, enforced contractually through the card brands and acquiring banks rather than by law, and they require every party involved in card transactions, including merchants, to maintain PCI compliance. Compliance includes removing full card numbers and expiration dates from receipts, training employees, completing a Self-Assessment Questionnaire (SAQ), and running quarterly external vulnerability scans by an Approved Scanning Vendor (ASV) to identify potential weaknesses. PCI compliance is not a one-time achievement but an ongoing requirement that needs continuous attention.
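The receipt requirement above has two practical halves: producing receipts that never show the full card number or expiration date, and checking output (receipts, logs, exports) for full PANs that slipped through. The following Python is an added example written for this page, not code from the PCI SSC or from any payment processor. It masks to the last four digits (stricter than the FACTA limit of five and within the PCI DSS display rule of at most the first six and last four), omits the expiry entirely, and uses a Luhn check to cut false positives when scanning text for 13 to 19 digit card numbers. The merchant name, amounts and the well-known 4111 1111 1111 1111 test PAN are constructed sample data.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer run of digits. Assumption: receipts use at most one
# separator between digit groups.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample data for the demonstration below.
SAMPLE_MERCHANT = "Example Coffee Co."
SAMPLE_PAN = "4111 1111 1111 1111"   # industry test number, passes Luhn
SAMPLE_EXPIRY = "12/27"
SAMPLE_AMOUNT = "42.50"


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str, keep_last: int = 4, mask_char: str = "*") -> str:
    """Strip separators and replace all but the last `keep_last` digits."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13-19 digits")
    return mask_char * (len(digits) - keep_last) + digits[-keep_last:]


def format_receipt(merchant: str, pan: str, expiry: str, amount: str) -> str:
    """Build receipt text. The expiry is accepted (it arrives with the card
    data) but is deliberately never written to the receipt."""
    del expiry  # never printed, never stored in the output
    return "\n".join([
        merchant,
        f"Card: {mask_pan(pan)}",
        f"Amount: {amount}",
        "Thank you",
    ])


def find_unmasked_pans(text: str) -> list[str]:
    """Return every Luhn-valid 13-19 digit number found in `text`.
    Masked values like ************1111 contain too few digits to match."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def non_compliant_receipt() -> str:
    """What a legacy terminal might print: full PAN and expiry in clear."""
    return "\n".join([
        SAMPLE_MERCHANT,
        f"Card: {SAMPLE_PAN}  Exp: {SAMPLE_EXPIRY}",
        f"Amount: {SAMPLE_AMOUNT}",
    ])


def compliant_receipt() -> str:
    return format_receipt(SAMPLE_MERCHANT, SAMPLE_PAN, SAMPLE_EXPIRY, SAMPLE_AMOUNT)


if __name__ == "__main__":
    for label, receipt in (("legacy", non_compliant_receipt()),
                           ("masked", compliant_receipt())):
        print(f"--- {label} ---")
        print(receipt)
        print("unmasked PANs found:", find_unmasked_pans(receipt))
```

Run the scanner over anything your systems emit downstream of the terminal (receipt spool files, application logs, support-ticket exports); a non-empty result from `find_unmasked_pans` means cardholder data is leaking into a place the standard does not allow it.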
All merchants that accept any type of card payment must comply with PCI DSS. Compliance must be validated once a year and the validation submitted to your acquiring bank. Validation includes the Self-Assessment Questionnaire, replacement of any non-compliant payment terminals, and possibly a network security scan for companies that use the internet for transaction processing; the exact requirements depend on the merchant level assigned by the card brands and on your acquirer.
Failure to comply with PCI DSS may result in fines, additional audits, and suspension or termination of your merchant account.