PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card issuers, including Visa, MasterCard, American Express, Discover, and JCB.

PCI compliance involves more than just your website. If your business takes credit card numbers over the phone, has face-to-face transactions, or keeps paper records that contain credit card numbers, there are PCI requirements covering those aspects of your business that have nothing to do with your website.

WHAT LEVEL OF PCI COMPLIANCE DO I NEED?

Although the PCI DSS must be implemented by all entities that process, store or transmit cardholder data, formal validation of PCI DSS compliance is not mandatory for all entities. Currently both Visa and MasterCard require merchants and service providers to be validated according to the PCI DSS. Smaller merchants and service providers are not required to explicitly validate compliance with each of the controls prescribed by the PCI DSS, although these organizations must still implement all controls in order to maintain safe harbour and avoid potential liability in the event of fraud associated with theft of cardholder data.

I can help your organization determine the level of compliance necessary and assist in the implementation of that compliance.
