There has been plenty of talk about the Payment Card Industry Data Security Standard (PCI-DSS), especially after the recent data breaches at US retailers Target and Neiman Marcus, which exposed the credit card data of millions of consumers.
But what is PCI-DSS and why does it matter?
1. What is PCI-DSS?
Set up by Visa, MasterCard and other credit card organisations in 2004, PCI-DSS is a list of 12 requirements that apply to all organisations or merchants handling cards, to ensure they use appropriate security to store and protect cardholder data against the misuse of personal information.
It requires companies to hold card data in isolated segments of their IT network. It also states that companies must encrypt all other card data, use up-to-date anti-virus software and a properly configured firewall, regularly monitor their security software, and conduct security audits. A full list of standards can be found here.
Under the Data Protection Act, the Information Commissioner's Office (ICO) and the major credit card issuers may impose large fines on organisations, or prevent them from processing card transactions, if they fail to meet these obligations.