Payment Card Industry - PCI
The Payment Card Industry (PCI) is an organization originally founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc., together with members representing various businesses associated with debit, credit, prepaid, e-purse, ATM and POS payment platforms. This organization is also known and referred to as the PCI Security Standards Council (PCI-SSC). The PCI-SSC's primary function is to develop and implement security standards associated with the various payment platforms.
Currently, there are three main standards categories that cover a range of concerns encompassing how payment information is gathered, stored and passed through the global electronic payment networks.
PCI Data Security Standard or PCI-DSS?
PCI-DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
PCI PIN Transaction Security or PCI-PTS?
The PCI-PTS standard encompasses the actual physical and/or logical security of the Point-Of-Sale (POS) devices or terminals, whether attended and manned by merchants, or unattended (UPT) such as parking payment and similar automated machines.
Payment Application Data Security Standard or PA-DSS?
PA-DSS is a program providing guidance to software vendors to ensure their applications and processes are supportive of the guidelines and safeguards proposed and established through the various sub-committees. The vendors who develop secure electronic payment applications and platforms, known as virtual terminals and payment gateways, are required to support these standards to promote safe handling of customer sensitive data both during and after the transaction. The sensitive data considered prohibited for storage are full magnetic stripe, CVV2 or PIN data.
Payment applications that are sold, distributed or licensed to third parties are also subject to the PA-DSS requirements as set forth by the respective councils and committees.
PCI and University of the Pacific
The standards set forth by the Payment Card Industry are not laws but standards. These standards are industry requirements, and Pacific is contractually obligated to comply with, at a minimum, these standards as set forth by the PCI Council. Violation of and non-adherence to the standards will result in severe fines and penalties.