The PCI Security Standards Council was
founded by American Express, Discover
Financial Services, JCB, MasterCard
Worldwide, and Visa International as an
independent body to ensure the security
of sensitive information handled by
merchants and payment processors. The
PCI Security Standards Council Web site
contains all formal PCI documentation,
as well as extensive supporting
documentation including a glossary,
assessment validation requirements, and
a self-assessment questionnaire.
PCI DSS Requirements
The core of PCI centers around six
high-level control objectives. These
control objectives are intended to help
protect cardholder data and protect
organizations that process, store or
transmit cardholder data. The control
objectives are broken down into 12
detailed security requirements, which
are further partitioned into detailed
sub-requirements that specify
technologies, policies and procedures
necessary for protecting cardholder
data.
PCI Merchant Levels
Each payment card brand categorizes
merchants within the PCI DSS construct
slightly differently. These
categorizations are based on the number
and type of annual transactions and on
previous compromises of card data
security. Any merchant that accepts a
particular card brand as a form of
payment must meet the requirements of
that brand. More information on merchant
levels can be found on the payment card
brands' sites.
Individual Payment Card Security Programs
While each payment brand
participates in the PCI Security
Standards Council, each brand maintains
unique programs designed to protect
cardholder data and enforce the PCI
standard. Read more about each of their
programs on the individual card sites.