What is PCI DSS and why do I need it?

Originally, the five main payment card brands, Visa, MasterCard, American Express, Discover, and JCB, all had their own security programs. Each of these five brands had the same goal: to create another layer of security for their customers in order to limit their liability for credit card data theft. Over time, the brands realized that meeting this need should be a collaborative effort, and they formed the PCI Security Standards Council (SSC). The council then created the PCI Data Security Standard (DSS), which was based on the requirements and security programs of all five major brands.

On September 15, 2004, the first published version of the PCI DSS was issued. Three updated versions followed: version 1.1, released in September 2006; version 1.2, released in October 2008; and version 2.0, released in October 2010.

This brings us to the second part of the question: why do I need it? There are several reasons to comply with PCI DSS. The first is that credit card companies mandate it, and your business could be placed in jeopardy if compliance is not met. The second is that PCI compliance is now considered a business enabler. If your business does not meet these standards, it is considered to be a diminishing option. As business continues, it will become increasingly difficult to operate without PCI compliance.