What is PCI DSS
It seems that hardly a day goes past without some news of a scandal involving online credit card fraud or identity theft. Sometimes these crimes happen because of ‘phishing’, where members of the public are tricked into providing their details to scammers. Other times the card holders are the innocent victims, left out of pocket because of poor data and network security on the part of the merchants they are transacting with. Whilst in this case there would obviously be recourse for the individual, such data theft costs all parties in the long run, especially the merchant, who may suffer incalculable damage to their reputation.
To protect against this eventuality, new security benchmarks are being implemented. All merchants will need to be compliant with these criteria, collectively known as the Payment Card Industry Data Security Standard (PCI DSS). The 12-part PCI DSS has been developed by the Payment Card Industry Security Standards Council (PCI SSC), a collective organisation that represents the major global payment card brands.
In order to continue offering payment processing by these major cards, all businesses, regardless of size, will need to prove their compliance with the Standard. This auditing will need to be undertaken annually, and the deadline for initial compliance depends on the card provider, country of operation and business size. (In some cases this deadline has already passed!)
