Recent accounts of highly publicized data breaches at companies that were seemingly PCI compliant beg the question, "does PCI compliance equal security?" The answer is, "not necessarily."
The PCI Security Standards Council's goal in forming the standards was to create a unified outline of the minimum security necessary to transmit, process and store cardholder information. Payment card information is a high-profile target and the tactics of cybercriminals are becoming more and more sophisticated. No organization is ever entirely secure; but with proper defenses, businesses can mitigate their risk and make it more difficult for cybercriminals to breach their private network.
Organizations of all sizes should blend compliance into ongoing operations. Security, in practice, involves safeguarding confidential information, protecting against fraud, ensuring systems are available so you can generate revenue, and keeping the systems and data you depend on free of errors and unauthorized change. When you do all these things, you inherently wind up fulfilling the intent of most major regulatory and industry compliance requirements.
Going a bit above and beyond the periodic audits and network scanning required by PCI standards can yield a lot more value to an organization and, in most cases, does not add as much additional expense as may be perceived.
InfoSight provides a variety of tools, guidance, training resources and other IT security services to assist organizations seeking to achieve PCI compliance. We can help you build and maintain a high security posture, help you understand what is involved in PCI compliance, and assist in developing policies and practices that best fit your needs.
PCI compliance standards will continue to evolve over time. Contact us to help you build and maintain a high security posture while ensuring PCI compliance.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment; in practice, this covers essentially any merchant that has a Merchant ID (MID), as well as the service providers that handle cardholder data on their behalf. The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). The payment brands and acquirers are responsible for enforcing compliance, not the PCI SSC.