PCI compliance – What it means

The payment card industry (PCI) refers to everything related to the debit, credit, prepaid, e-purse, ATM and POS cards used internationally, along with the businesses and practices that support them. In practice the term usually points to a specific body, the Payment Card Industry Security Standards Council (PCI SSC), formed in 2006 by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International as an independent council to manage the ongoing evolution of the payment card security standards on a global scale. In short, the PCI Data Security Standard (PCI DSS) is an information security standard defined by the council to protect cardholder data for merchants like yourself, for consumers, and for the financial institutions behind the cards. Independent sales organizations (ISOs), who work hand in hand with businesses like yours to set up card acceptance, are among the parties that help merchants understand and meet the standard. Its aim is to prevent payment card fraud, and the identity theft that often follows a breach, through a set of controls on how cardholder data is stored, processed and transmitted and on how its exposure to compromise is limited. The standard applies to any organization, anywhere in the world, that stores, processes or transmits cardholder data for any of the participating card brands.

This is good news for your business, because it means the card brands and the council have a shared interest in protecting what keeps you running: your ability to accept payments and the revenue that flows from them. Validating compliance is vital to the success of any business that takes cards, and depending on the volume of card transactions your company handles, the flow of cardholder data through your systems can be substantial and carries inherent risk. PCI compliance reduces that risk by assessing how cardholder data moves through your environment and making sure an accepted baseline of security controls is in place and maintained.

Enforcement of compliance is carried out by the participating card brands. For Visa and MasterCard transactions it is handled through your acquirer, the bank or processor that settles those transactions for you, while American Express deals with merchants directly for its own transactions. Your role as a merchant is not passive, however: you are responsible for meeting the standard in your own environment and for validating that you do, typically through a Self-Assessment Questionnaire (SAQ) or, for larger merchants, an on-site assessment, with the results reported to your acquirer or card brand. The council and the brands set the requirements; keeping your cardholder data environment compliant is on you.

Considering the volume of cardholder data that crosses the Internet and the continuing problem of identity theft, the council keeps evaluating ways to make the system tighter. Examples include more stringent requirements for wireless networks that carry card data, keeping the software behind your website current and patched, and deploying properly configured firewalls to keep cardholder data out of reach of outside parties. On the wireless side this can range from a WIPS (Wireless Intrusion Prevention System) that detects rogue access points to strong encryption and access controls on the wireless connection itself. In July 2009 the PCI Security Standards Council published its PCI DSS Wireless Guidelines, a set of guidelines for organizations like yours on securing networks that process or transmit cardholder data. It is vitally important that you stay current with PCI compliance, both to maintain real security and to meet the requirements you are obliged to satisfy.
