Retail Pro - Serious Software for Serious Retailers

PCI DSS – An Overview

What is PCI?

The beginning of the twenty-first century has seen such a sharp rise in consumer payment information fraud that the need for a standard for proactive protection was all but inevitable. Enter the Payment Card Industry (PCI) Data Security Standards (DSS).

The PCI DSS are technical and operational requirements established by the PCI Security Standards Council (PCI SSC). They apply to all payment card network members, merchants and service providers that store, process or transmit cardholder data, with specific guidance for software developers and manufacturers of applications and devices used in payment card transactions. The PCI DSS affects all payment channels, including retail (brick-and-mortar), mail/telephone order and e-commerce.

The Council is responsible for managing the security standards, while compliance* with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating organizations include merchants, payment card issuing banks, processors, developers and other vendors. Compliance with the PCI DSS helps these organizations alleviate some of the vulnerabilities they face, protect cardholder data, and ensure consistent data security measures on a global basis.

* Compliance requirements vary depending on geographical location and on a merchant’s level in the eyes of the Payment Card Industry. Detailed information about these levels can be found at https://www.pcisecuritystandards.org/.

Why Seek Compliance?

Often a merchant will claim they do not need to be PCI compliant because “they know their system is secure”. It is these scenarios that substantiate the need for a set of guidelines that a merchant can follow to ensure their business maintains effective measures to protect credit card information from being breached within their network. Failure to do so can have a very severe impact on a merchant’s business, ranging from heavy financial impact and fines to negative public press and an impact on their customers and their customers’ card information.

The protection of credit card information extends far beyond just ‘knowing’ your systems are secure. There are many facets to system security that will affect a merchant’s potential for a breach that extend above and beyond their Point of Sale system. Basic operational functions such as email and Internet access can result in the Internet-accessibility of a company’s network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into a merchant’s system and can potentially expose credit card information and cardholder data if not properly monitored and controlled.

How do you get Compliance?

A merchant’s compliance begins with understanding that the security of credit card information is the responsibility of all who have access to their systems, from the IT department to their general floor staff. Each individual plays a role.

These roles are not limited to just those within your organization. One of the key roles in obtaining your compliance is that of an independent Qualified Security Assessor (QSA) and/or an Approved Scanning Vendor (ASV). The QSAs/ASVs are instrumental in outlining where a merchant should begin in relation to PCI DSS compliance. Visit the PCI SSC’s site for the list of approved vendors at https://www.pcisecuritystandards.org/.

How can Retail Pro Help You with PCI?

PCI Compliance is a continuous process. Retail Pro International, a Point of Sale and Inventory Control software developer, has taken great measures to ensure all Retail Pro users have available to them a POS application which protects their payment information and aids in the process of maintaining PCI compliance. To learn more about how Retail Pro International and the Retail Pro software application can help you with your PCI concerns, contact us today at info@retailpro.com or visit us at http://www.retailpro.com/solutions/PCICompliance.php.

  • Comments (3)
  1. jewelry shop says:

    Hi, I applaud your blog for informing people, very interesting article, keep it coming :)

  2. Odis Fikes says:

    What a great blog. I spend days on the internet reading blogs, about tons of different subjects. I have to first of all give kudos to whoever created your website and second of all to you for writing what I can only describe as an unbelievable post. I honestly believe there is a skill to writing articles that only a few possess and frankly you have it. The combination of informative and quality content is definitely extremely rare with the large amount of blogs on the internet.

  3. Emmett Fantazia says:

    Fine information, many thanks to the author. It is puzzling to me now, but in general, the usefulness and importance is overwhelming. Very much thanks again and best of luck.
