(Part 5 in our series on IT Compliance Concerns.)
What is the Payment Card Industry Data Security Standard?
In the first four parts of this series, we discussed SOX compliance (Sarbanes-Oxley or Sarbox) and HIPAA compliance (Health Insurance Portability and Accountability Act) and what Information Technology concerns arise from them. In this post we’ll look at what the Payment Card Industry Security Standard (PCI DSS or PCI) is, and how it can affect your company.
PCI DSS was originally separate security programs for five different companies: Visa, Mastercard, American Express, Discover, and JCB, a credit card company based in Japan. Each company was attempting to improve protections for storing, processing, and transmitting cardholder data. On December 15, 2004, these companies released version 1.0 of the Payment Card Industry Data Security Standard. Version 3.1 was released recently in April, 2015.
Which companies should be concerned about PCI DSS compliance?
The PCI DSS is a proprietary standard for for organizations handling Visa, Mastercard, American Express, Discover, and JCB credit cards. Private label cards are not included in the PCI DSS.
What are the penalties for failing to comply with PCI DSS?
Penalties are enforced by the payment brands, and can vary. They can include fines for banks from between $5,000 to $100,000 per month. Banks are likely to pass these fines on to merchants, who may also face having the bank terminate their relationship with the merchant or increasing transaction fees, both of which can have a profound negative effect on small businesses.
What does a business need to do to comply with PCI DSS?
Although detailed requirements can vary depending on the level of the business (determined by number of transactions), the twelve general requirements remain the same:
These requirements naturally mean challenges for your IT department. They may have to implement new security measures or more strictly enforce existing ones. (We will discuss this more detail in the next part of our series on IT compliance concerns.)
Coming soon: Part 6 in our series on IT Compliance Concerns, “What Does My IT Team Need to Know About PCI DSS Compliance?”
To learn more about PCI DSS and related issues:
Other posts in this series:
Sign up today for free & stay current with local IT news.X