PCI security standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all entities that store, process or transmit cardholder data, with guidance for software developers and manufacturers of applications and devices used in those transactions. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
As experts in the electronic payments industry, we offer specialized services to assist merchants with their responsibility to validate their compliance under the PCI DSS (Payment Card Industry Data Security Standard) overseen by the PCI Security Standards Council.
The PCI DSS applies to all entities that store, process and/or transmit cardholder data. It covers the technical and operational system components that handle cardholder data or are connected to it. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS. PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. It consists of common-sense steps that mirror security best practices.
Security Controls and Processes for PCI DSS Requirements
The goal of the PCI Data Security Standard (PCI DSS) is to protect cardholder data wherever it is processed, stored or transmitted. The security controls and processes required by PCI DSS are vital for protecting cardholder account data, including the PAN, the primary account number printed on the front of a payment card. Merchants and any other service providers involved with payment card processing must never store sensitive authentication data after authorization. This includes sensitive data that is printed on a card or stored on a card's magnetic stripe or chip, and personal identification numbers entered by the cardholder.
Using the Self-Assessment Questionnaire (SAQ)
The SAQ is a validation tool for eligible merchants and service providers who self-assess their PCI DSS compliance and who are not required to submit a Report on Compliance (ROC). The SAQ consists of a series of yes-or-no questions about compliance with each requirement. If an answer is no, the organization must state the future remediation date and the associated actions. To align more closely with merchants and their compliance validation process, the SAQs provide flexibility based on the complexity of particular merchant environments (see chart below). The PCI DSS Self-Assessment Questionnaire Guidelines and Instructions document provides more details on each SAQ type (see www.pcisecuritystandards.org).
Interested in learning more?
Childers Business Consulting | 4507 NW 5th Blvd | Gainesville, FL 32609 | (352) 443-9236 Tel | (352) 373-6896 Fax
North American Bancard is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA., The Bancorp Bank, Philadelphia, PA, and BMO Harris N.A., Chicago, IL.
Harbortouch is a registered ISO/MSP of Westamerica Bank, 3750 Westwind Blvd., Suite #210, Santa Rosa, CA 95403. Harbortouch is a registered ISO/MSP of Merrick Bank, South Jordan, UT.
Total Merchant Services is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA.
Capital Bankcard is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA., US Bank-Minneapolis MN, NA, Buffalo, NY, and Elavon, Inc., Atlanta, GA.
American Express and Discover require separate approval.