PCI DSS Guide For Beginners

By: A Nutt

Developed by the major credit card companies, PCI DSS stands for Payment Card Industry Data Security Standard, and was designed to prevent credit card fraud when stores and other organizations process credit card transactions. It is mandatory that a business that stores, processes, or transmits credit card data be PCI DSS compliant. A business that is not compliant can lose the privileges that allow it to process these transactions, or it can be severely fined.

Here is what PCI DSS does for an organization that processes credit card transactions:

• Protects cardholder data that is being transmitted through the installation of a firewall system.
• Protects cardholder data that is stored within a system.
• Does not allow physical access to credit card data.
• Networks in which credit card data is transmitted are encrypted.
• Does not allow "Business need-to-know" access to cardholder data.

All merchants and organizations using PCI DSS must periodically validate their compliance with the system. This is usually done via auditors. However, smaller companies that process fewer than 80,000 transactions annually can simply fill out a self-assessment questionnaire.

Consumer protection

The credit card has become the primary way in which many people pay for goods and services, and consumers are concerned about the security of their accounts as a result. They do not want someone having access to their account information, which can lead to identity theft. Instead, they want to know that their information is secure, and that's exactly what PCI DSS does for the customer. It secures their information so that no other parties have access to their name, address, phone number, social security number, license number, and other pieces of data that strangers could take and use for their own benefit.

The consumer can feel secure that PCI DSS regulates the policies, the procedures, the architecture of the network, the design of the managing software, management of the security standards, and all protective measures mainly for the protection of the consumer. It is true that PCI DSS does offer protection for the business, but it is the consumer who is the target of those who wish to steal information. As a result, businesses may be attacked by individuals wishing to steal information, but having PCI DSS in place prevents access to this information.

Business protection

A business that houses and transmits large quantities of consumer credit card data can be the target of hackers wishing to gain access to that information. Without PCI DSS in place, this information would be easy to access. However, a business must employ PCI DSS or face losing its credit card privileges or paying large fines. It could lose a lot of business this way, since a majority of consumers use credit cards to pay for their transactions. The business is protected by using PCI DSS in that it can accept credit cards to increase its profitability and is protected from credit card disputes from a customer who alleges fraud. It has record keeping that allows it to settle these disputes, and the system is designed to prevent the fraud. In the rare instance that credit card fraud does occur, the PCI DSS system helps the business provide the proper evidence that shows where the fraud took place and allows the dispute to be settled properly.

PCI DSS is put in place to benefit the consumer and regulate the business with respect to credit card use. Without it, paying by credit card would be risky, and that is why the credit card companies put PCI DSS in place. The consumer and the business should be able to be confident about all phases of the transaction, and that is what this security system does.
