
    Introduction to the Payment Card Industry Data Security Standard (PCI DSS)

    Many of the lenders we partner with often feel like there's a never-ending list of regulatory and compliance requirements to meet. However, if you're lending, you're most likely accepting borrower payments, and you need to be informed about the intricacies of PCI DSS, or the Payment Card Industry Data Security Standard.

    What is PCI DSS?

    The Payment Card Industry Data Security Standard (PCI DSS) is a group of standard security processes aimed at guarding the acceptance, processing, storage, and transmission of credit card data. The standards were created and agreed upon by major credit card payment companies, and those credit card companies are responsible for ensuring compliance. All organizations that accept, transmit, or store American Express, Discover, JCB, MasterCard, or Visa credit card data are expected to comply with mandates of the PCI DSS.

    Why is PCI DSS important?

    Unfortunately, fraud and security breaches are rampant. In fact, according to Experian, almost half of all organizations fell victim to a security breach in the last year. The safety of credit card customers' information is the main goal of the PCI DSS. Recognizing consumers' need for greater security in credit card transactions, the major credit card companies established the PCI DSS in an effort to safeguard credit card users against having their information misappropriated or misused. The standards cover protection of stored data, encryption of transmitted data, and controls at all points in the payment process, including back-end storage and cardholder data usage.


    PCI DSS requirements

    The PCI DSS outlines six goals and 12 specific steps that credit card handlers and processors must take to ensure the security of their account holders' card data.

    Goal: Build and maintain a secure network
      1. Install and maintain a firewall configuration to protect cardholder data
      2. Do not use vendor-supplied defaults for system passwords or other security parameters

    Goal: Protect cardholder data
      3. Protect stored cardholder data
      4. Encrypt transmission of cardholder data across open, public networks

    Goal: Maintain a vulnerability management program
      5. Use and regularly update anti-virus software or programs
      6. Develop and maintain secure systems and applications

    Goal: Implement strong access control measures
      7. Restrict access to cardholder data by business need-to-know
      8. Assign a unique ID to each individual with computer access
      9. Restrict physical access to cardholder data

    Goal: Regularly monitor and test networks
      10. Track and monitor all access to network resources and cardholder data
      11. Regularly test security systems and processes

    Goal: Maintain an information security policy
      12. Maintain a policy that addresses information security for all personnel

    How the PCI DSS affects your financial institution

    Since all companies that accept, transmit, or store credit card data must comply with the PCI DSS, it's very likely your financial institution is subject to compliance. Even if you use a third-party credit card processing company, you still must comply and are held accountable. If your financial institution suffers a security breach and the Payment Card Industry Security Standards Council (PCI SSC, the governing body that enforces the PCI DSS) finds that your institution is in violation of any PCI DSS edict(s), you may be subject to fines of $5,000 to $100,000 per month!

    The rules and regulations that apply to financial institutions are indeed vast. I hope this summary of the PCI DSS helped you understand what you must comply with and how. For more specific guidance on the changing landscape of consumer payments, click here.
