Card Data Security
Credit and debit card data theft has profoundly impacted businesses, consumers, and financial institutions nationwide. To combat this issue, the five major card brands (Visa Inc., MasterCard Worldwide®, Discover®, American Express®, and JCB International®) collaborated and established the Payment Card Industry's Security Standards Council (PCI SSC) to administer the PCI Data Security Standard (PCI DSS) and Payment Applications Data Security Standard (PA-DSS), regulate evolving security requirements, support Qualified Security Assessor testing and lab methodologies, and to oversee the approval processes for payment applications.
Protecting critical information and ensuring system security is more than just ethical business practice; today, it is a requirement. Any application that stores, processes, or transmits cardholder data for the purpose of authorization and/or settlement falls under the scope of the PCI DSS. Furthermore, if the application is sold to third parties, it also falls within the PA-DSS scope.
Every business, regardless of their transaction processing volume, must be compliant with PCI DSS, and all payment applications used must be PA-DSS validated. Achieving compliance with all security standards set forth by the PCI SSC not only demands the responsibility of merchants, but also quality security advisors (QSAs), software developers, point-of-sale vendors, processing equipment manufacturers, and merchant service providers. It is important that each party administer their appropriate roles to help make this process as easy and efficient for merchants as possible.
In an effort to help our customers achieve PCI DSS compliance, we have teamed up with ControlScan™ Learn more.
To help developers validate their payment applications, we have joined forces with Trustwave® Learn more.