Understanding PCI DSS
What is PCI DSS?
Payment Card Industry Data Security Standards (PCI-DSS) is a set of security standards developed by the major card brands (Visa®, MasterCard®, Discover®, American Express® and others) to help protect sensitive cardholder data. As a merchant who accepts credit cards, you are required to protect your customers’ data and follow the PCI-DSS to safeguard against the threat of a data breach.
Why does it exist?
The PCI-DSS is designed to protect cardholder data from a data breach. A data breach can result in thousands of dollars in fines from banks and card brands who are looking to recoup losses suffered when payment cards are used fraudulently. When cards are used fraudulently, cardholders are typically not held responsible for the fraudulent transactions, thus the banks and card brands seek to recover some of those losses. There are often additional costs related to forensic investigations and card replacement.
From the perspective of the business owner, a publicized data breach can also cost the business long-term intangible value in the form of deteriorated trust and a tarnished reputation among customers, resulting in future lost sales.
Who owns PCI?
The PCI Security Standards Council (PCI-SSC) is an open global forum that develops, maintains, and manages the PCI-DSS. The PCI-SSC’s aim is to protect and educate industry players such as merchants, processors, software developers, financial institutions, and other organizations that store, process, and transmit cardholder data.
When does PCI DSS get updated?
The PCI SSC systematically reviews its rules and regulations to address ever-evolving security concerns, and releases a new set of standards every three years. Starting on January 1, 2015, the standards will transition from the 2.0 cycle to the 3.0 cycle. The new standards in 3.0 have been released so that merchants, dealers, and developers have time to review and complete any necessary remediation before 3.0 goes into effect.
Where does PCI DSS apply?
PCI DSS is a global initiative. The security standards apply worldwide, anywhere that payment cards are stored, processed or transmitted. If you process credit cards at your merchant location, PCI DSS applies to your business.
How should you approach PCI DSS?
Because compliance is required, you should learn about PCI DSS and consider using a self-service PCI DSS program. Many credit card processors, like Vantiv Integrated Payments, offer services that can help you comply with PCI DSS. Vantiv Integrated Payments offers the tools to achieve and maintain compliance quickly and easily through our Merchant SecureAssist® solution, offered in collaboration with the compliance and data security experts at Trustwave®.
The foregoing is provided for information purposes only, and is not legal advice. You should review your compliance obligations with your own legal or other advisors.
Visa, MasterCard, American Express, and Discover are registered marks belonging to one or more unaffiliated third parties that do not endorse or sponsor Vantiv Integrated Payments, LLC.