PCI DSS

The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. PCI security standards (1) help merchants and financial institutions understand and implement standards for security policies, technologies and ongoing processes that protect their payment systems from breaches and theft of cardholder data, and (2) help vendors understand and implement standards for creating secure payment solutions (PCI Security Standards Council, LLC, 2019).

Data Security Essentials Evaluation Tool – This Data Security Evaluation Tool is provided by PCI SSC for merchant information only. You can use this PCI SSC tool to gain insight about security practices relevant to the way you accept payments, to provide your responses and to see your results. However, you must contact your merchant bank and follow their instructions to formally complete a Data Security Essentials Evaluation as part of their compliance program. You cannot use this tool to submit this form to PCI SSC or to your merchant bank, nor does PCI SSC send it to your merchant bank on your behalf (PCI Security Standards Council, 2018).

The PCI DSS Quick Reference Guide explains how the PCI DSS can help protect payment card transaction environments (PCI Security Standards Council, 2016). There are three ongoing steps for adhering to the PCI DSS: (1) Assess: identify all locations of cardholder data, take an inventory of your IT assets and business processes for payment card processing, and analyze them for vulnerabilities that could expose cardholder data. (2) Repair: fix identified vulnerabilities, securely remove any unnecessary cardholder data storage, and implement secure business processes. (3) Report: document assessment and remediation details, and submit compliance reports to the acquiring bank and card brands you do business with (or other requesting entity if you’re a service provider) (PCI Security Standards Council, 2016). PCI DSS follows common-sense steps that mirror security best practices. The PCI DSS applies globally to all entities that store, process or transmit cardholder data and/or sensitive authentication data. PCI DSS and related security standards are administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Participating Organizations include merchants, payment card issuing banks, processors, developers and other vendors (PCI Security Standards Council, 2016).

References

PCI Security Standards Council. (2016). PCI DSS Quick Reference Guide. Retrieved from https://www.pcisecuritystandards.org/document_library?category=pcidss&subcategory=pcidss_supporting#results

PCI Security Standards Council. (2018, September 10). PCI SSC Data Security Essentials Evaluation Tool. Retrieved from https://www.pcisecuritystandards.org/pci_security/small_merchant_tool/

PCI Security Standards Council. (2019). Official PCI Security Standards Council Site – Verify PCI Compliance, Download Data Security and Credit Card Security Standards. Retrieved from https://www.pcisecuritystandards.org/