PCI Compliance Information 

Data security, credit card fraud and identity theft are hot topics around the globe in every industry. Companies are concerned about protecting databases that contain confidential information on customers and employees. The United States Federal Trade Commission has estimated that as many as 10 million Americans have their identities stolen each year, and the topic makes press headlines on any given day.

In response to this threat, the Payment Card Industry (PCI) Data Security Standard (DSS) was created by the major card brands to safeguard cardholder information. PCI DSS is a common set of security requirements and testing procedures intended to ensure the safe handling of sensitive cardholder data.

PCI compliance requires merchants and service providers to meet minimum security standards that protect confidential cardholder information. The risk of data theft is an enormous liability for any organization: the card associations levy fines on the offending organization, and the public loses confidence in that company. PCI DSS is organized as 12 requirements, all of which an organization must meet to be compliant.

The standard is enforced by the acquiring (merchant) banks on behalf of the card networks, and penalties for non-compliance can be as much as $500,000 per incident, not to mention the cost of making headline news as the result of a data compromise.

PCI DSS, which applies to merchants, banks, service providers and card processors, aims to reduce the risk of compromise by mandating firewalls, encryption of cardholder data, access controls and antivirus software. It also requires regular security testing and network monitoring, and forbids the use of vendor-supplied default passwords.

Paymetric focuses on Requirements 3 and 4 of PCI DSS to help companies protect their cardholder data.

PCI Requirements to Protect Cardholder Data

(PCI DSS Requirement 3: Protect stored cardholder data)
Encryption is a critical component of cardholder data protection. If an intruder circumvents the other network security controls and gains access to encrypted data, that data is unreadable and unusable without the proper cryptographic keys. The protection is therefore only as strong as the handling of the keys themselves, which is what the following sub-requirements address.

3.5.2 Store keys securely in the fewest possible locations and forms.

3.6.3 Secure key storage

3.6.4 Periodic changing of keys

  • As deemed necessary and recommended by the associated application (for example, re-keying); preferably automatically
  • At least annually.
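A worked example of the key-management points above, added here as illustration; it is not Paymetric's product code and not text from the standard. It is a small Go keyring that seals a PAN with AES-256-GCM, tags each stored value only with the version of the key that sealed it (the key itself lives in one place, the ring), rotates to a fresh key, re-encrypts existing records onto it, and then retires the old version so it no longer exists anywhere. The `Keyring` type, the `v<version>:<base64>` token format and the test PAN are assumptions made for this example; a production deployment would hold the keys in an HSM or key-management service rather than in process memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

// Keyring holds versioned AES-256-GCM data-encrypting keys. They are generated
// in process for this example; a real deployment keeps them in an HSM or KMS.
type Keyring struct {
	keys    map[int]cipher.AEAD
	current int
}

// NewKeyring starts a ring with key version 1.
func NewKeyring() (*Keyring, error) {
	k := &Keyring{keys: map[int]cipher.AEAD{}}
	_, err := k.Rotate()
	return k, err
}

// Rotate generates a fresh key and makes it current; older versions stay
// readable until their data is re-encrypted and the version is retired.
func (k *Keyring) Rotate() (int, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return 0, err
	}
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	k.current++
	k.keys[k.current] = gcm
	return k.current, nil
}

// Encrypt seals a PAN under the current key and returns
// "v<version>:<base64(nonce || ciphertext || tag)>"; the version prefix is
// bound in as additional authenticated data so it cannot be relabelled.
func (k *Keyring) Encrypt(pan string) (string, error) {
	gcm := k.keys[k.current]
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	prefix := "v" + strconv.Itoa(k.current) + ":"
	sealed := gcm.Seal(nonce, nonce, []byte(pan), []byte(prefix))
	return prefix + base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt selects the key by version prefix and fails closed on a retired
// key, a malformed token or a ciphertext that does not authenticate.
func (k *Keyring) Decrypt(token string) (string, error) {
	var version int
	_, err := fmt.Sscanf(token, "v%d:", &version)
	prefix := "v" + strconv.Itoa(version) + ":"
	if err != nil || !strings.HasPrefix(token, prefix) {
		return "", fmt.Errorf("malformed token")
	}
	gcm, ok := k.keys[version]
	if !ok {
		return "", fmt.Errorf("key version %d not available", version)
	}
	raw, err := base64.StdEncoding.DecodeString(token[len(prefix):])
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("malformed token")
	}
	pan, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], []byte(prefix))
	return string(pan), err
}

// ReEncrypt moves one token onto the current key; after Rotate, run it over
// every stored record and then Retire the old version.
func (k *Keyring) ReEncrypt(token string) (string, error) {
	pan, err := k.Decrypt(token)
	if err != nil {
		return "", err
	}
	return k.Encrypt(pan)
}

// Retire destroys an old key version once nothing is encrypted under it.
func (k *Keyring) Retire(version int) error {
	if version == k.current {
		return fmt.Errorf("cannot retire the current key")
	}
	delete(k.keys, version)
	return nil
}

func main() {
	kr, _ := NewKeyring()
	tok, _ := kr.Encrypt("4111111111111111") // constructed test PAN, not real data
	kr.Rotate()
	tok2, _ := kr.ReEncrypt(tok)
	fmt.Println(tok, "->", tok2, kr.Retire(1))
}
```

An annual re-key under 3.6.4 is then the sequence Rotate, ReEncrypt over every stored token, Retire of the old version. After Retire, a token still carrying the old version fails to decrypt instead of silently yielding garbage, and the ring never holds more key material than the current key plus any version whose data is mid-migration, which is the "fewest possible locations and forms" that 3.5.2 asks for.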
