Time and time again, security breaches and system exploits have resulted in the theft of millions of dollars' worth of credit card details and personal document information. Over the years, large businesses including banks have suffered security breaches that caused the theft of customers' private data. In 2004, the Payment Card Industry Data Security Standard was created in a joint effort by the major credit card companies American Express, Visa, MasterCard and Discover, each of which until then had maintained its own separate security standard. On 30 June 2005, the PCI DSS regulations were standardized and implemented.
Each credit card company created its own security policy as follows:
American Express: Data Security Operating Policy (DSOP)
Visa: Cardholder Information Security Program (CISP)
Discover: Discover Information Security and Compliance (DISC)
MasterCard: MasterCard Site Data Protection (SDP)
The PCI compliance regulation is designed to be implemented by organizations that process transactions made through these credit or debit card types, and severe penalties may be imposed on businesses that suffer a security breach as a result of non-compliance with the PCI standard. Also, businesses that do not enforce the compliance correctly, or choose not to comply, may be denied the right to process card transactions altogether. Since the compliance regulations are subject to constant development and improvement, participating businesses are required to closely follow changes in the requirements of the card systems they process.
PCI Security Standards Council duties:
Develop and maintain a global, industry-wide, technical data security standard for the protection of account holders' account information.
Reduce costs and lead times for Data Security Standard implementation and compliance by establishing common technical standards and audit procedures for use by all payment brands.
Provide a list of globally available, qualified security solution providers via its Web site to help the industry achieve compliance.
Lead training, education and a streamlined process for certifying Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs), providing a single source of approval recognized by all five founding members.
Provide a transparent forum in which all stakeholders can provide input into the ongoing development, enhancement and dissemination of data security standards.
The PCI compliance standard aims to stop online financial and identity theft at its source by ensuring that the systems which process and store customer details and transaction information are secure.
Payment Card Industry Data Security Standard Compliance