Technology has revolutionized the payment card industry, and that’s putting it lightly. When mobile phones came in briefcase-sized bags, payment card transactions took place using a knuckle-buster, a manual imprint device that attached a paper copy of full credit card numbers to every transaction.
Electronic point-of-sale terminals and digital payment card devices expanded rapidly in the 1990s, and merchants seized the opportunity to simplify the payment card transaction process. Credit cards carried magnetic stripes on the back, and imprinters gave way to stripe readers. A decade later, credit card companies started embedding chips to support encrypted authentication between merchants, payment processing networks, and credit card companies.
This evolution has realized incredible progress in the payment card industry, but with increased technology comes increased risk.
With each payment card transaction, there are multiple parties responsible for different steps of the transaction: vendors, payment transaction devices, payment processing networks, and more. Just one weak link can bring down the entire ecosystem, but there is a rather significant safety net in place.
In 2006, the major credit card companies met to form an external oversight body and the result was the Payment Card Industry Security Standards Council. The Council’s goal was to establish uniform security guidelines to protect cardholder data in payment card transactions and minimize the risk of data leaks from security vulnerabilities.
The Security Standards Council outlines requirements for parties involved in payment card transactions to protect cardholder data, right down to the encryption of the data supported by smart chip technology.
The Council set out specific requirements for all parties who process payment card transactions in the Payment Card Industry Data Security Standard (PCI DSS), with a focus on how to safeguard cardholder account information. These requirements affect your technology, and more specifically how cardholder financial account data is stored, accessed, and processed.
Security requirements for cardholder information are outlined in the PCI DSS, divided into key areas:
For a summarized version of the PCI DSS requirements, check out the Quick Reference Guide and learn the minimum security measures businesses must take to be PCI DSS compliant.
PCI compliance means your business meets the minimum requirements for securing cardholder data. It also means your business is better protected from security vulnerabilities, and from the significant fines faced by non-compliant parties who process payment card transactions while exposing cardholders to credit card fraud, identity theft, and more.
Why should your business be PCI compliant? Your vendors, partners, and customers can trust that you are taking steps to secure cardholder financial account information while protecting your business, which is good for everyone.
PCI compliance should be a priority.