This executive commentary from Markiyan Malko, director of research and development at Merchant Warehouse, takes a look at the compliance standards for the Payment Card Industry. These standards are known as the Payment Card Industry Data Security Standards, or PCI DSS, and are rules that apply to any organization that uses, processes, or stores sensitive cardholder data. All debit cards and prepaid cards with any major credit card brand logo are considered payment cards.
PCI DSS is defined by the Payment Card Industry Standards Council. This council is a self-regulating organization formed to establish standards in the industry and is not a government agency. Previously, the four major credit card issuers each had their own standards. PCI DSS was created to combat credit card fraud, security breaches, and identity theft and, when met, offers a supplemental layer of protection against unauthorized use of transmitted or stored transaction information.
This article further lays out the requirements for PCI compliance, including establishing a secure network, securing the network and systems from threats, managing the network and systems, and controlling access to data. It also provides answers to some commonly asked questions about PCI compliance, including the use of Square and PayPal, SSL certificates, and payment processing devices.