Payment Card Industry Data Security Standard (PCI DSS) is a framework developed by major card brands and enforced by the PCI Security Standard Council (PCI SSC). PCI DSS was developed with the aim to protect cardholder data.
Cardholder data refers to all the information on a customer’s payment card. So, this will include Primary Account Number (PAN), cardholder name, service code, expiration date, and Sensitive Authentication Data which includes the Full Magnetic Stripe Data, CAV2/CVC2/CVV2/CID, PIN/PIN Block to name a few.
It is a standard applicable to all Merchants, and Service Providers collecting, storing, processing, and transmitting cardholder data. So, those who do not deal with the cardholder data automatically provide stronger security by eliminating the key target for data theft and so they automatically fall out of scope for PCI DSS Compliance.
Whether you are a start-up or a large multinational company. Businesses must always be compliant and validate for compliance annually if they wish to accept card payments. It is generally mandated by all the major credit card companies and is outlined in all the credit card network agreements. Complying with PCI DSS will ensure the security of credit card transactions in the payments industry.
Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.
