When customers offer a payment card at the point of sale, over the Internet, on the phone, etc., they naturally want a high level of confidence that their account information is safe. In addition, the impact to a business from a breach in payment card data security can be considerable through negative publicity and the loss of goodwill and revenue that can result from it.
To address this, the major payment card brands founded the Payment Card Industry (PCI) Security Standards Council. This organisation is tasked with managing the evolution of the PCI Data Security Standard (DSS); compliance with the standard is enforced by the individual payment card brands, typically through the acquiring banks that process a merchant's card transactions.
PCI DSS is a multifaceted security standard, requiring organisations to address topics such as security management, policies, procedures, network architecture, software design and other critical protective measures. Non-compliance with this standard can attract heavy fines from the card brands or even withdrawal of the payment card facility altogether.
For many organisations this means re-focusing their information security processes, not only in the IT function but across the wider business. The main issue for many organisations is sensible, pragmatic interpretation and application of the standard. This requires expertise and additional experienced resources in the early, critical stages of planning and preparing for compliance.