The Payment Card Industry Data Security Standard (PCI DSS) was introduced in 2004, around the time when companies all around the world realised how valuable the internet was as a tool. As the internet era reached its maturity, companies started leveraging it as a means to receive payments from their customers online.
As online shopping became commonplace, an increasing number of people became comfortable making purchases online with their credit cards. Although the ability to pay online was seen as a convenience, it exposed businesses and customers alike to a plethora of risks: malicious actors had more ways to steal credit card information from unsuspecting victims whose networks hadn't been secured.
As data theft reached an all-time high, the five largest credit card brands (VISA, Mastercard, Discover, American Express and JCB) chose to implement the Payment Card Industry Data Security Standard (PCI DSS) to help prevent customer and business security breaches. With the birth of this regulation and the PCI Security Standards Council, PCI compliance became an important step towards securing credit card payments all around the world.
To assist in monitoring compliance standards, the payment brands established the PCI Security Standard Council, whose responsibility was to manage the ongoing evolution of the Payment Card Industry Security Standard.
The credit card companies made PCI compliance a self-regulated mandate, which means organisations and sellers are now liable for maintaining compliance through every stage of the payment process.
So while the council sets the standards and requirements, it is the payment brands' responsibility to enforce them on sellers and organisations that choose to receive payments via their credit cards.
If your organisation accepts, processes, transmits or stores credit card payments from customers, you are required to comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance helps ensure organisations secure cardholder data against a potential data breach. It is not a one-off exercise, but an ongoing process of ensuring an organisation has the necessary structures in place to protect customer data.
If your organisation isn't compliant with the PCI Data Security Standard, cardholder or payment data is at stake. This data includes:
If your organisation is required to store the above sensitive data, it is extremely important to take appropriate steps to keep that data secure and safe from any malicious activity. To identify how your organisation may be vulnerable to a breach, it is useful to understand how these attacks happen. Below are a few examples of how your valuable data can be stolen:
These are just a few of the ways valuable data can be stolen. As malicious actors get smarter, it is important for your organisation to step up its own efforts to secure its entire payment life cycle, from accepting credit cards from customers at the point of sale to processing the payment until it reaches your merchant account.
The PCI standards apply to all entities that store, process or transmit cardholder data, including: