Payment Card Industry Security Standards Council (PCI SSC)

As its name suggests, the Payment Card Industry Security Standards Council establishes security standards for the card industry. The PCI DSS standards were developed and published by this council, which is formed by all leading credit card businesses such as MasterCard, Visa, American Express and JCB. These standards apply to all participating partners in the payment process.

The PCI standards play a central role in fraud prevention, as they hold all organizations responsible and ensure strong encryption of sensitive payment data. This is elaborated through six major objectives.

  • Networks must be secured through robust firewalls and by allowing customers to conveniently and frequently change their payment data.
  • Cardholder information must be protected by digital encryption.
  • Systems must be protected by anti-virus software, anti-spyware programs and anti-malware solutions, which must be kept up to date.
  • Access to system information and operation must be restricted and controlled physically and electronically, notably through the use of unique and confidential identifications for employees, and through document shredders or locks and chains on dumpsters.
  • Monitoring and testing of the networks’ security features must be continuously undertaken.
  • A formal information security policy must be defined, maintained and followed at all times and by all participating entities.

Furthermore, the provision of non-compliance fines, ranging from $5,000 to $500,000, reinforces the obligation to adhere to these standards.