The purpose of this blog is to spread knowledge and information about the PCI DSS, which stands for Payment Card Industry Data Security Standard. It is a set of goals and procedures mandated by the card associations. The card associations include Visa Incorporated, MasterCard International, Discover Novus, American Express, and the Japanese Card for Business. Together, they adopted and expanded Visa Incorporated’s CISP, or Cardholder Information Security Program, into a framework for merchants and processors to follow to provide the best protection for the sensitive authentication data they possess. As a condition of the payment card industry’s equivalent of the Good Housekeeping Seal of Approval, all merchants and processors that process, transmit or store sensitive authentication data must be PCI compliant, and must maintain their PCI compliance or face penalties.
Despite its obvious necessity and the security it offers, merchants and processors still aren’t motivated to be PCI compliant for the good of the electronic payments industry. Processors are charged with making sure their merchants are PCI compliant and must be PCI compliant themselves. Achieving system-wide PCI compliance is a daunting task at best, and is only done through diligence and a great expense in revenue and time. Many processors pass the cost of doing business in a safe and secure environment on to the very merchants they’re responsible for safeguarding.
At PCIfree.com, we feel that the basics of security should not cost anything but the time needed to implement the necessary procedures and safeguards. The PCI DSS and the goals and procedures it requires are common sense and increase the safety of all consumers, as long as everyone participates, that is. If your business isn’t PCI compliant and you transmit, process or store sensitive authentication data, you put yourself and those whose information you handle in the course of daily business at greater risk than if your business is PCI compliant. See our home page for information on how your business can be PCI compliant, for free.