What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.

“If organizations want to protect themselves and their customers from potential losses or damages resulting from a data breach, they must strive for ways to maintain a continuous state of compliance throughout the year rather than simply seeking point-in-time validation. A study conducted by Verizon from 2011 to 2017 on organizations that had a data breach showed that many of the organizations that were assessed as being non-compliant at the time of their breach had successfully complied during their previous PCI DSS assessment and had lapsed into non-compliance. Through a combination of people, processes, and technology, organizations must incorporate continuous security and compliance practices into their culture and daily operational activities.”

Best Practices