PCI – DSS and Cardholder Security
The Payment Card Industry Data Security Standard (PCI DSS) was formed in 2004 by Visa, MasterCard, Discover Card and American express with the goal of creating a set of policies and procedures to enhance the security of credit, debit and cash transactions as well as protect cardholder information. The PDC DSS has set forth six major objectives:
- A secure network must be maintained in which transactions can be conducted. 2 – Cardholder information must be protected and secure wherever it is stored.
- Systems should be protected against the activities of malicious hackers by using frequently updated anti-virus, anti-spyware programs, and other anti-malware solutions.
- Access to system information and operations should be restricted and controlled.
- Networks must be constantly monitored and regularly tested to ensure that all security measures and processes in place, are functioning properly, and are kept up to date.
- A formal information security policy must be defined, maintained, and followed at all time and by all participating entities.
By complying with PCI DSS regulations merchants are protected against law suits from Visa, MasterCard, Discover Card and American Express in the event that card holder information is obtained and misused by persons other then the card holder.
Though PCI DSS has been set in place, the ultimate responsibility rests with the merchant. It is up to the merchant to maintain compliance with PCI DSS regulations, maintain a secure network and maintain a company security policy to protect against cardholder information theft.