The Payment Card Industry Data Security Standard is a worldwide information security standard developed by the Payment Card Industry Security Standards Council (PCI SSC). The standard was created to help organizations that process card payments prevent credit card fraud through increased controls around cardholder data and its exposure to compromise. The standard applies to all organizations that store, process, or transmit cardholder information from any card branded with the logo of one of the card brands.
The standard is maintained by the Payment Card Industry Security Standards Council, which maintains both the PCI DSS and a number of other standards, such as the Payment Card Industry PIN Entry Device security requirements (PCI PED) and the Payment Application Data Security Standard (PA-DSS).
Validation of compliance, regardless of the size of the organization, must be performed annually. Organizations handling large volumes of transactions must have their compliance assessed by an independent assessor known as a Qualified Security Assessor (QSA), while companies handling smaller volumes have the option of self-certification via a Self-Assessment Questionnaire (SAQ). In some regions these SAQs still require sign-off by a QSA for submission.
For organizations processing branded card transactions, compliance is enforced by the organization's acquirer. Non-compliant companies that maintain a relationship with one or more of the card brands, either directly or through an acquirer, risk losing their ability to process credit card payments and being audited and/or fined.
For more information, please see the following source.
"Payment Card Industry Data Security Standard." Wikipedia, The Free Encyclopedia. 9 Aug 2009, 00:48 UTC. Retrieved 9 Aug 2009.
Micro Attacks: The New Fraud Scheme – Criminals are starting to target smaller merchants that neglect security concerns and make for easy targets.