Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard, commonly abbreviated as PCI or PCI DSS, is a set of rules for payment transactions that covers the processing of credit card transactions and is supported by all the major credit card organizations.

Merchants and service providers that store, transmit, or process credit card transactions must comply with the regulations. If they do not, penalties can be imposed, restrictions pronounced, or they can ultimately be prohibited from accepting credit cards.

The rules consist of a list of twelve requirements for the computer networks of companies:

PCI is based on the Visa Account Information Security Program (AIS, and its sister program CISP), the MasterCard Site Data Protection Program (SDP), the American Express Security Operating Policy (DSOP), the Discover Information Security and Compliance (DISC) program and the JCB security rules.

Compliance with the rules is reviewed depending on the volume of transactions of the company:

  • Merchants or service providers that process more than 6 million credit card transactions per year, have already succumbed to an attack, have been characterized as "Level 1" by another card company, or whose card data has been compromised must have their computer network checked quarterly by an external security scan performed by a MasterCard-authorized Scan Vendor (ASV) and, in addition, have an on-site inspection (audit) carried out once a year by an independent company certified by Visa (QSA) or by a specially appointed security officer.
  • Merchants that handle 20,000 to 6 million credit card transactions per year must likewise have their computer network checked quarterly by an external security scan performed by a MasterCard Approved Scanning Vendor (ASV) and must additionally complete a PCI questionnaire (Self-Assessment Questionnaire, SAQ) once.
  • E-commerce merchants that conduct fewer than 1 million credit card transactions annually (Level 3 and 4) have, since 1 October 2009, had to either commission a PCI DSS certified service provider to handle all of their credit card transactions, or prove their own PCI DSS certification to their acquirer by completing the PCI Self-Assessment Questionnaire (SAQ) and, where applicable, having a quarterly security scan conducted by an Approved Scanning Vendor (ASV) authorized by the PCI Security Standards Council. (Visa Member Letter VE 33/08 of 24 September 2008)

Version

The current version of the PCI DSS is: V3.0 of 7 November 2013.
