The Payment Card Industry Data Security Standards Defined.
The Definition of PCI
“PCI” stands for “payment card industry.” When people talk about PCI compliance, they are typically referring to compliance with the PCI DSS. Compliance with the PCI DSS is important for many kinds of merchants and institutions, as it regulates the security of payment card data.
About the PCI DSS
“PCI DSS” stands for “Payment Card Industry Data Security Standard.” This standard is a framework established by the PCI Security Standards Council (PCI SSC), an open global forum that develops, manages, educates others about, and raises awareness of the PCI Security Standards. The framework serves to reduce payment data security breaches and payment card fraud by laying out technical and operational requirements for entities that possess cardholder data (CHD). The PCI DSS was first created in 2006 and is periodically updated by the PCI SSC to account for developments in payment card technology.
About PCI Compliance
PCI compliance exists to protect the data of credit and debit cardholders, as well as to eliminate or minimize data breaches and other security incidents. The PCI DSS specifies 12 high-level requirements for protecting payment card data during processing, storage, and transmission; meeting them is what maintaining PCI compliance means. Full compliance, which consists of technical and operational provisions, is meant to prevent, detect, and react to security incidents and security breaches. To be PCI compliant, entities must assess their internal operations, remediate problem areas, and submit remediation validation and/or compliance reports. Failure to comply with the PCI DSS and/or a confirmed data security breach can result in fines and/or penalties, the severity of which is defined by the individual payment card brands.