The payment card industry (PCI) refers to the industries related to automated teller machines (ATMs), point of sale (POS) terminals, credit, debit, prepaid and electronic money cards, and other associated industries. In practice, PCI is most closely associated with the Payment Card Industry Security Standards Council (PCI SSC), which was created in 2006 by Visa Inc., MasterCard Inc., American Express Co., Japan Credit Bureau (JCB) and Discover Financial Services. The PCI SSC manages the ongoing development of the Payment Card Industry Data Security Standard (PCI DSS).
There are 12 PCI DSS requirements that must be followed for a business to qualify for compliance certification. Although compliance is technically voluntary, a failure to comply usually results in undesirable consequences. A business that is not PCI DSS compliant sometimes lowers its industry standards, which increases the likelihood of credit card fraud or security breaches. Moreover, a non-compliant business can be penalized with fines.
For a vendor to continue to accept payment card services, it must implement and monitor how its system applies the PCI DSS. Large organizations are usually audited annually, whereas smaller businesses are allowed to simply report their compliance.
The biggest concern is the handling of credit card numbers. To be compliant, a vendor must encrypt card numbers prior to transmitting them over a network. Credit card numbers must also be stored in a secure environment.