Saturday, September 19, 2009

What is the Payment Card Industry Security Standards Council

PCI refers to the Payment Card Industry, this is shortened from Payment Card Industry Security Standards Council. We'll just call it PCI. Visa, MasterCard, Discover, American Express formed the PCI council to protect cardholder data.

The PCI council developed the Payment Card Industry Data Security Standard. This helps organizations that processing credit card transactions to prevent credit card fraud by increased controls over the data. This standard applies to all organizations with hold, process or transmit cardholder data.
To be in compliance the merchant must have annual compliance reviews. Reviews can be done internally or externally depending on the volume of credit card transactions. Larger volume merchants will have an independent assessor or a Qualified Security Assessor do the review. Smaller ones can use the Self Assessment Questionnaire.
There are ways to remove or lower your PCI compliance level.
Merchants should already be accepting eChecks just for the cost savings, but it also removes the need for PCI compliance. Tokenizaton turns credit card numbers into a token that is useless to hackers. Finally using your solution providers web payment page will have the credit card information entered on their PCI complaint site, not yours.

No comments: