
  • Posted March 20, 2014 by

    More from MikeHawk319

    The Payment Card Industry Data Security Standard


    The Payment Card Industry Data Security Standard, or PCI DSS, is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a very secure environment.

    The Payment Card Industry Security Standards Council, or simply PCI SSC, on the other hand, was established on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry security standards, with a focus on improving payment account security throughout the entire transaction process. The PCI DSS is administered and managed by the PCI SSC, an independent body created by the major payment card brands. Note that the payment brands and acquirers, not the PCI council, are responsible for enforcing compliance.

    PCI applies to all organizations or merchants that accept, store or transmit any cardholder data, regardless of their size or number of transactions.

    What is cardholder data? It is any personally identifiable data associated with a cardholder. This includes the cardholder’s name, account number, address, expiration date, and social security number. In other words, cardholder data refers to all personally identifiable information associated with the cardholder that is stored, processed or transmitted.

    A merchant, on the other hand, is defined as any entity that accepts payment cards bearing the logos of any of the five members of the PCI SSC – American Express, JCB, MasterCard, Visa or Discover – as payment for products and services. A merchant can also become a service provider if the services it sells result in storing, processing or transmitting cardholder data on behalf of other merchants or service providers.

    When dealing with PCI DSS, you may also hear about payment gateways. So what are they? Payment gateways connect a merchant to the bank or processor that acts as the front-end connection to the card brands. They are called gateways because they can take many inputs from various applications and route those inputs to the right bank or processor. Gateways communicate with the processor or bank over dial-up connections, web-based connections, or privately held leased lines.

    If you have multiple business locations under the same Tax ID, then you only need to validate your PCI compliance once annually for all locations. And if you only accept credit cards over the phone, PCI still applies to you, because all businesses that store, process or transmit payment cardholder data must comply with the PCI DSS.
