In response to the rise in internet fraud and identity theft associated with credit cards, MasterCard Worldwide and Visa International took an initiative in 2005 to institute a consistent data security mechanism for all major stakeholders, including banks, credit card service providers, financial institutions and merchants. As a result, PCI compliance standards were developed to ensure better security and protection of personal information during the payment process, whether online or in stores. The PCI (Payment Card Industry) standards were further revised and improved in September 2006, and the final document provides more detailed Data Security Standards (DSS) for merchants. Put simply, PCI compliance ensures better security during an online or in-store transaction with credit cards.
Security Requirements
The PCI security standards include layers of protection that financial institutions, merchants and service providers need to ensure while processing funds using credit cards. These standards include a comprehensive set of requirements for any company interested in processing payments through credit cards, such as:
- Maintaining policies such as an Information Security Policy.
- Procedures related to implementing Access Control Measures.
- Security management, such as maintaining a secure network.
- Software design that can protect cardholder data.
- Network architecture and regular monitoring & testing of networks.
- Maintaining a vulnerability management program.