About the PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a document that sets comprehensive security standards for payment industry entities. The PCI DSS framework gives entities actionable requirements for building a payment card data security process whose goal is to reduce payment card fraud and data security breaches.
Originally, the PCI DSS began as five separate programs by global payment brands: American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. Each of these programs had a similar goal: to add a level of protection for card issuers by making sure that companies satisfy minimum security levels while storing, processing and transmitting cardholder data (CHD). The first unified security standard approved by all five major payment card brands, the PCI DSS 1.0, debuted in December 2004.
In September 2006, the five brands established the Payment Card Industry Security Standards Council (PCI SSC). The purpose of this independent group was to manage, maintain, and update the PCI DSS.
Over the years, the PCI DSS has been updated six times to add clarity and consistency to its requirements, to account for advances in technology, and to address newly discovered threats to data security.
About the PCI DSS 3.1
The most recent version, PCI DSS 3.1, was released in April 2015. The framework currently outlines 12 requirements grouped into 6 related categories. Together, these guidelines give industry entities a plan for creating and maintaining a payment card data security process. The PCI DSS must be implemented by any payment card industry entity that processes, stores or transmits CHD. Such entities include vendors, merchants of any size, and any other organizations or service providers involved in the payment process.
How to Achieve PCI Compliance
To achieve compliance with the PCI DSS, entities must comply with all 12 requirements. The process can be broken down into three steps: assess the technology and processes of the cardholder data environment, remediate the vulnerabilities discovered, and submit reports to the appropriate acquiring banks and payment card brands. By complying with the DSS, entities also protect their relationships with their partners. For example, PCI compliant hosting helps software providers establish and maintain trust with their business partners, which in turn helps PCI compliant merchants keep the trust of their own customers.