Wednesday, 19 June 2019

PCI Data Security: Challenges and Best Practices

Not all data is created equal. Long ago the finance industry realized that credit card data was a special case - a type of data that needs to be protected at all costs, along with the entire data delivery and payment processing chain. Money has always attracted criminal attention, but in the digital age, criminals are less focused on stealing cash at gunpoint. They are focused on data that can provide access to money, and that's where PCI compliance comes in.

What Is PCI

The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines established to ensure that organizations protect credit card information and related sensitive data as it moves between systems and is stored in repositories. In 2006, the Payment Card Industry Security Standards Council (PCI SSC) was formed to mandate the development of the PCI DSS.

Who Needs PCI Compliance

Any organization that handles cardholder data (CD) and/or sensitive authentication data needs to comply with the PCI DSS. If you accept, transmit, or store credit card data—even if the data “just” passes through your system—you need to be PCI DSS compliant.

Cardholder Data (CD) encompasses all personally identifiable information (PII) that relates to a person who owns a credit or ...


Read More on Datafloq
