Payment Card Industry (PCI) Data Security Standard - Security measures required by merchants and service providers to protect cardholder information.

The PCI Data Security Standard establishes a global set of security measures to ensure safe handling of cardholder information. To protect your business, your customers (cardholders), and the integrity of the payment system, each of the card companies has in place a set of requirements governing the safekeeping of account information. More information on PCI compliance can be found at PCI Compliance Guide.org.

Merchants and service providers must demonstrate compliance to their respective acquirer(s) by adhering to quarterly and annual audits by independent third-party providers.

Having a thorough security assessment conducted by an unbiased consulting firm, such as NCX Group, will identify where vulnerabilities are within your processes, help prioritize security risks, and specify steps to mitigate deficiencies. An information security review will not only lay the groundwork for PCI compliancy, but also establish a clear-cut path to reduce unnecessary costs while implementing the correct technology to adhere to PCI security regulations.

Security Compliance - Payment Card Industry (PCI) Data Security Standard
The Payment Card Industry (PCI) Data Security Standard is a set of security requirements for merchants and service providers that store, process or transmit cardholder data.

Backed by Visa, MasterCard, American Express, Discover Card, Diners Club and JCB, the standard requires retailers to carry out a 12-step security audit and validate compliance. Merchants or service providers that do not comply with the mandated security requirements face stiff fines and may be prohibited from participating in the programs of the various payment card brands.
Who is Affected?
Merchants and service providers that store, process or transmit payment card information.
What's Covered?
All cardholder account data and personal information including name, account number, expiration date and service code. Transaction information such as discretionary card-read data, CVC 2 data, PIN data, and address verification service (AVS) data MUST be destroyed or violators will face significant consequences.

Key Dates
June 30, 2005: mandatory compliance. Validation requirements have been prioritized and defined based on Levels 1, 2, 3, or 4, according to the annual volume of payment card transactions.

Penalties for non-compliance
Failure to comply with PCI security requirements will result in significant fines. Visa has notified its members that they will be fined up to $500,000 for each incident where a merchant or service provider has been compromised and was not compliant at the time of the incident. Members may also be banned from processing transactions using payment cards. In addition, failure of a Visa member to immediately notify Visa USA Fraud Control of suspected or confirmed loss or theft of any Visa transaction information will be subject to a penalty of $100,000 per incident.
What can you do?
Improving your network security and processes is always cheaper than reacting to a security breach. Understanding and controlling the threats to cardholder information requires continuous risk management. Key aspects of mitigating these risks are:
Obtain regular independent information security evaluations.
Implement controls that assess information security risks.
Document and review information security processes.
Other PCI Resources
PCI Data Security Standard
Visa's Cardholder Information Security Program (CISP) for Merchants
Visa's Cardholder Information Security Program for Service Providers
MasterCard Site Data Protection Program (SDP) for Merchants
MasterCard Site Data Protection Program (SDP) for Service Providers
American Express Data Security Requirements
Discover Information Security and Compliance (DISC)
This information is provided as a service based on NCX Group's interpretation of the PCI Data Security Standard. NCX Group, Inc. assumes no liability for any errors, omissions or misinterpretations arising from this information. Please consult your Card Brand Acquirer for specific information.

© 2009 NCX Group, Inc.