Payment Card Industry: Compliance Overview

The Payment Card Industry (PCI) has decided that organizations that transmit, store, or process credit card data, in particular the Primary Account Number (PAN), must be compliant with the PCI Data Security Standard (PCI-DSS). Once you start using payment card data, compliance is mandatory, all-encompassing, and immediate.

The mandate for PCI-DSS compliance has been agreed to by the following card brands: Visa, MasterCard, American Express, JCB International, and Discover Financial Services. Note also that the PCI-DSS contains additional protection requirements for ancillary data. The PCI-DSS 1.1 standard can be found at the following URL: https://www.pcisecuritystandards.org/pdfs/pci_dss_v1-1.pdf.

It is important to note that a company that is not compliant risks losing its ability to process credit card payments and may also be fined. It can’t be overstated that, from our understanding, compliance is mandatory, all-encompassing, immediate, and perpetual, regardless of how big or small you are or the type of user you are. That means you have to do it, it must be 100%, it starts as soon as you start using cardholder data, and it lasts until the last bit of cardholder data is no longer used. Many companies don’t seem to get how deep and lasting the claws of PCI-DSS are.

PCI requires that anyone under the PCI-DSS prove their compliance via annual assessments. There are four different levels of assessment that can be performed. The level an organization falls under is roughly determined by how many credit card transactions it performs, coupled with the total value of those transactions and the type of entity (for example, all service providers must pass a Level 1 assessment). Each card brand, not surprisingly, has its own definition for each level; however, the definitions have been merging over time.

It should be noted that many organizations that are required to perform the Annual Self-Assessment Questionnaire use a third-party consulting firm that specializes in these kinds of assessments to help them perform the audit and ensure completeness. Failure to pass an assessment may result in a company’s ability to use the credit card(s) being revoked.

The process to obtain and maintain the QSA (Qualified Security Assessor) certification is non-trivial, and arguably one of the most stringent in the industry. PCI is doing its best to ensure that the organizations and people doing the assessment work are qualified and able to deliver a quality product.
