PCI DSS

Improving security and cutting fraud
Card schemes – such as MasterCard and Visa – need to make sure merchants have protection in place to deter hackers and criminals. Cardholder data is a tempting target for fraudsters – and there’s been a series of recent high-profile security breaches around the world.

What is PCI DSS?
The PCI Security Standards Council manages the security standards for the payment cards industry. The council was formed by Visa, MasterCard, American Express, JCB and Discover.

It works across five main areas:

• Develop and maintain a global, industry-wide technical data security standard to protect card-holders’ account information
• Reduce costs and lead times to implement the Data Security Standard. The council works to establish and ensure compliance with common technical standards and audit procedures
• Providing a list of globally available, qualified security solution providers on its web site to help the industry become compliant.
• Lead training, education, and a streamlined process for certifying Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs). This provides a single source of approval recognised by all five founding members.
• Provide a transparent forum, where all stakeholders can contribute to the ongoing development, enhancement and dissemination of data security standards.

Compensating Controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints but has sufficiently mitigated the risk associated with the requirement through implementation of other controls.