This paper covers the basic requirements of PCI, with a focus on the administrative and technical elements of the program. It also reviews the validation requirements of the standard and potential sanctions for failure to comply.
The Payment Card Industry Data Security Standard (PCI DSS) is a global security program created to increase confidence in the payment card industry and reduce risks to PCI members, merchants, service providers and consumers. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud.
Javelin Strategy & Research, March 2007, Pages: 35
In light of the TJX saga, issuers will no longer passively accept the costs incurred from lost cardholder data that is no fault of their own. Merchants, on the other hand, view PCI compliance as costly and burdensome, and of little value beyond "compliance". Rather than point fingers and assess blame, all industry participants must understand the necessary steps to secure cardholder data efficiently and cost effectively.
Learn about the validation requirements of the payment card industry's data security standard (PCI DSS), including administrative and technical elements of the program, and the potential sanctions for failure to comply.
Javelin Strategy & Research, June 2009, Pages: 49
The Payment Card Industry Data Security Standard (PCI DSS) raises the high-water mark for data security. But there is a persistent myth that PCI compliance equals security. The reality is that PCI DSS is only a baseline, and one that needs to be monitored constantly as the threat landscape changes. In the months following what may be the largest data breach in U.S. history, at Heartland Payment Systems®, many people are wondering whether PCI is effective.
Establish and Maintain Secure Cardholder Data with IBM Payment Card Industry Solutions.
Frost & Sullivan, May 2009, Pages: 74
Regulatory Compliance and the Need for Efficient Corporate Governance
Due to the sensitive nature of the information involved and the potential ramifications of its loss, local, state, and federal governments have enacted legislation and regulations to protect computerized information, and the payment card industry has imposed its own contractual standard. Examples include the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS) requirements.
Javelin Strategy & Research, Nov 2007, Pages: 26
Safeguarding customer data is a necessary component of good business practice, yet the number of breached accounts is at an all-time high. Data security has not been given front-line priority, and as a consequence an environment of mistrust of the card ecosystem has developed among consumers, merchants, acquirers, and issuing banks. To stem this tide, the payment networks have responded with renewed emphasis, harsher penalties, and more specific deadlines for Payment Card Industry Data Security Standard (PCI DSS) compliance.