Security

The security of cardholder data affects everybody.

The breach or theft of cardholder data affects the entire payment card ecosystem. Customers suddenly lose trust in merchants or financial institutions, their credit can be negatively affected -- there is enormous personal fallout. Merchants and financial institutions lose credibility (and in turn, business), they are also subject to numerous financial liabilities.

 The best way to maximize security of cardholder data is to continuously monitor and enforce the use of controls specified in the PCI Data Security Standard.  

Many organizations treat compliance as a one-time, annual event. But only focusing on an annual compliance assessment can create a false sense of security.

Forensic investigators have discovered that security controls deployed by organizations that had passed an assessment were often out of compliance when breaches occurred at a later date. It’s only by achieving and maintaining compliance that your cyber defenses will be adequately primed against attacks aimed at stealing cardholder data.

Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data.

The PCI Data Security Standards help protect the safety of that data. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.

Ideal for small merchants and service providers that are not required to submit a report on compliance, a Self-Assessment Questionnaire (SAQ) is designed as a self-validation tool to assess security for cardholder data.

The Self-Assessment Questionnaire includes a series of yes-or-no questions for each applicable PCI Data Security Standard requirement. If an answer is no, your organization may be required to state the future remediation date and associated actions.

There are different questionnaires available to meet different merchant environments. You can easily find the Self-Assessment Questionnaire that best describes how you accept payment cards. If you are not sure which questionnaire applies to you, contact your acquiring bank or payment card brand for assistance.

The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.

PCI Security Standards are developed specifically to protect payment account data throughout the payment lifecycle and to enable technology solutions that devalue this data and remove the incentive for criminals to steal it. They include standards for merchants, service providers, and financial institutions on security practices technologies and processes, and standards for developers and vendors for creating secure payment products and solutions.

The imminent release of PCI DSS Version 4.0 heralds a new era in data security standards. Building upon the robust foundation of its predecessors, this updated version from the PCI Security Standards Council (PCI SSC) incorporates cutting-edge measures to address evolving cyber threats and technology landscapes. 

As businesses prepare for the transition to this latest iteration, they can anticipate a more comprehensive and adaptable framework that aligns with the ever-changing nature of the payments industry, ensuring a resilient defense against emerging security challenges.