Protecting Credit Card Data: How to Achieve PCI Compliance
These days, anyone who owns a credit card is familiar with the problem of identity theft, in which technology-savvy thieves extract customer credit and debit card information from unsecured databases. It’s a problem that affects everyone in the retail supply chain: the payment card companies, the banks, the retailers, and the individual customers whose identities are compromised. And while there are many ways to implement network protection, some retailers have delayed updating databases and networks with the latest authentication and encryption safeguards. Meanwhile, electronic thieves have been proactive in finding and attacking vulnerable networks. The problem has worsened over the years, especially as more and more retailers deploy wireless technology, which opens a new set of challenges. As technology has advanced to make payments easier for consumers and stores alike, payment card security standards have been lax at best, especially in the United States, where the credit card companies own the responsibility to protect consumer data. Burdened by this liability, several credit card companies joined forces to establish the Payment Card Industry (PCI) council, in order to create a common and accepted set of security guidelines. These guidelines are designed to keep retailers and their customers from falling victim to identity theft, that is, to ensure that credit card data is protected.
History of the PCI Data Security Standard
Established in 2005 by a group of major credit card companies, the Payment Card Industry Data Security Standard (PCI DSS) comprises a set of security requirements designed to help retailers prevent credit card fraud and identity theft. In a nutshell, any company that processes, stores, or transmits credit card numbers must comply with the PCI DSS. Visa International, MasterCard Worldwide, Discover Financial Services, JCB, and American Express all require PCI compliance of the retail companies that process their customers’ credit cards, and any company that fails to comply with the requirements risks stiff penalties.
A governing body called the PCI Security Standards Council updated the standard in 2006. The current set of requirements is known as PCI DSS v1.1, and retailers are required to comply with that version by September 2007. The Council anticipates releasing technical updates to the standard roughly once a year, or less often, depending on emerging threats and industry trends. Notwithstanding such updates, the basic requirements of the PCI guidelines have remained largely constant. The PCI DSS includes the following set of rules: