Payment Card Industry (PCI) Data Security Standard (DSS) represents a common set of technical requirements and testing methodologies created to help ensure the safe handling of sensitive information. It was initially created to align the separate security programs of MasterCard and Visa, and later was adopted by other major card programs. In 2006, the PCI Security Standards Council was created to govern the security standards for the payment industry. Founding members of the council included American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International.
According to the Council: “The PCI DSS is a multi-faceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.”
In practical terms, the PCI DSS is a set of 12 general requirements grouped into six areas: build and maintain a secure network; protect cardholder data; maintain a vulnerability management program; implement strong access control measures; regularly monitor and test networks; and maintain an information security policy.
There are two things to understand about PCI DSS:
- These standards are not optional — acceptance of payment cards anywhere on campus makes us subject to the standards.
- There can be significant financial costs to non-compliance.