What is PCI compliance?
Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security Standard (PCI DSS) compliance, refers to the technical and operational standards businesses must follow to protect cardholder data. The standard is maintained by the PCI Security Standards Council (PCI SSC) and enforced contractually by the card brands and acquiring banks; all businesses that store, process, or transmit cardholder data are required to follow it. If merchants do not handle card data properly, that data can be stolen and used to make fraudulent purchases, and the accompanying personal information can be used for identity fraud.
PCI DSS requires that all Level 1 merchants (those processing more than 6 million card transactions per year) undergo an annual on-site assessment conducted by a Qualified Security Assessor (QSA), resulting in a Report on Compliance (ROC); smaller merchants may instead complete a Self-Assessment Questionnaire (SAQ). Though these are industry rules rather than laws, the consequences of noncompliance can be significant, including fines from the card brands, higher transaction fees or loss of card-processing privileges, lawsuits following a breach, and erosion of a company's brand image and customer trust.
Automated vulnerability scanning and remediation tooling can support several PCI DSS requirements, in particular the regular internal and external vulnerability scans mandated under Requirement 11 (external scans must be performed by a PCI SSC Approved Scanning Vendor, or ASV). Such tools are an effective component of a compliance program, but they do not by themselves make an organization compliant; the remaining requirements covering network segmentation, access control, encryption of cardholder data, logging, and policy must still be met and evidenced.