PCI-DSS Information & History

As ecommerce began to grow in popularity in the late 1990s, credit card companies quickly began to realize the need for a security standard that would protect both cardholders and the merchants running their cards. After a few years of trial and error, the Payment Card Industry Data Security Standards, or PCI-DSS, were created.

The PCI-DSS are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. They apply to all entities that store, process, and/or transmit cardholder data. So, if you are a card-accepting merchant – regardless of whether you are retail or ecommerce, Card Present or Card Not Present – you must take the PCI Self-Assessment Questionnaire (SAQ) to verify your PCI-DSS compliance. This SAQ must be completed annually, to ensure that merchants are always up to date on the current security standards and know how best to implement these protections. Completing your questionnaire will also save you from getting hit with a non-compliance fee!

The Payment Card Industry has not always been unified in its attempts to combat fraud. In the late '90s, VISA was the first credit card company to begin searching for a method to standardize security requirements for merchants, calling it their Cardholder Information Security Program. The other companies soon followed suit, each naming their program something different: MasterCard’s Site Data Protection, American Express’ Data Security Operating Policy, and Discover’s Information Security and Compliance. Since most merchants accept all of these different credit cards, that would have meant completing compliance for each of these separate organizations annually! Luckily, all of these companies joined together at the end of 2004 to present the PCI-DSS as we now know it, with a single compliance test that applies to all cards.

The PCI Security Standards Council also has additional fail-safes in place to make sure you are really following all of the security standards laid out in the SAQ. They require that all businesses with more than 6 million credit card transactions per year undergo an annual PCI audit conducted by a qualified auditor. Small businesses – those who process fewer than 1 million credit card transactions annually – will most likely only receive a PCI audit if they have suffered a data breach, though it could occur for other reasons as well.

Over our many years in the credit card processing industry, the team at eCMS has become proficient in helping merchants achieve PCI compliance. If you have any questions about PCI compliance, please feel free to call us at 888.277.3332.

6 Responses to "PCI-DSS Information & History"
  1. Informative article, just what I was looking for.

  2. Anonymous says:

    I love this blog, always great content

  3. Anonymous says:

    great post and valid points

  4. Anonymous says:

    Terrific work! That is the type of info that is supposed to be shared across the net.

    Disgrace on Google for now not positioning this publish higher!
    Come on over and discuss with my web site.
    Thanks =)

  5. Anonymous says:

    I would like to convey my love for your kind-heartedness giving support to persons who actually need help on this important concept. Your real commitment to passing the solution all around had been extremely beneficial and has usually allowed others much like me to arrive at their targets. The interesting tutorial signifies so much a person like me and additionally to my office workers. Thanks a ton; from all of us.

  6. Anonymous says:

    I love what you guys are up to. This kind
    of clever work and exposure! Keep up the great works
    guys I’ve added you guys to my personal blogroll.
