The Payment Card Industry Data Security Standard or PCI DSS for short is a compliance standard that defines data security requirements relating to the processing, storage or transmission of cardholder data.
PCI DSS was first published in December 2004 by the five major card brands – Visa, Mastercard, American Express, Discover and JCB. In 2006 the card brands formed the PCI Security Standards Council (PCI SSC), an independent body established to maintain and update the PCI standards.
The standard was agreed by the major card brands as a common, consistent and secure minimum level of protection to be applied by all organisations that process, store or transmit cardholder data to safeguard payment card data and payment card customers. PCI DSS applies to card payments accepted in person, over the phone or online.
PCI DSS was developed in response to the ever-increasing impact and cost of payment card fraud. By 2004 annual fraud losses on UK-issued cards had reached £504.8 million, but by 2011 losses had dropped to £341.0 million despite the continuing growth in card use and transaction volumes.
Part of this drop is attributed to the improved data security practices that merchants put in place as they worked towards PCI DSS compliance.
Why is it important?
PCI DSS is a minimum standard that should be used to reduce the risk to cardholder data. It is not a law, but it is enforced worldwide through the card brands' operating rules and the contracts merchants hold with their acquiring banks. It is of vital importance to the payment card ecosystem: a breach or theft of cardholder data affects the entire chain, and can lead to customers losing trust in merchant businesses and financial organisations.
Worse still, a breach can mean severe fines from the card brands and acquirers that can cripple a business. In the following video, ‘Just what is PCI DSS?’, we look at the standard and why it is important. For further information visit the PCI Security Standards Council website.
If you are a merchant who requires technical or PCI DSS help, please click here.