What are the Payment Card Industry (PCI) Data Security Standards?
The PCI Data Security Standards are association (Visa/MasterCard) mandated requirements for handling of credit card information, classification of merchants, and validation of merchant compliance. Merchants are responsible for the security of cardholder data and must be careful not to store certain types of data on their systems or the systems of their third party service providers. Merchants are also responsible for any damages or liability that may occur as a result of a data security breach or other non-compliance with the PCI Data Security Standards. The information security principles contained within these standards are based on ISO 17799, the internationally recognized standard for information security practices.
The PCI Data Security Standards is a set of requirements created by the PCI Security Standards Council. You can download the exact specification at http://www.pcisecuritystandards.org. The Council was founded by the five major card brands: VISA, MasterCard, American Express, Discover, and JCB. This industry consortium mandates handling of credit card information, classification of merchants, and validation of merchant compliance. As a merchant, you are responsible for the security of cardholder data and must be careful not to store certain types of data on your systems or the systems of your third party service providers. You are also responsible for any damages or liability that may occur as a result of a data security breach or other non-compliance with the PCI Data Security Standards. The information security principles contained within these standards are best practices drawn from the NIST and draw from internationally recognized standard for information security practices.
