If you’re new to the world of subscription billing, there is a whole new dictionary of financial jargon and acronyms to contend with. Here at Billsby, as part of our ‘acronym buster’ series, we are going to help you grasp these trickier concepts.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle the major payment cards.
A little slice of payments and data security history here. The five major card companies: Visa, Mastercard, American Express, Discover and JCB all set up separate data security programs in the early 2000s. The ambitions of these independent programs were fairly similar: they all wished to create an extra level of protection for card issuers by making sure that merchants meet minimum levels of security when they store, process and transmit cardholder data. Because each program was separate, a merchant that wanted to accept more than one card type faced an operational nightmare of overlapping requirements. In December 2004 it was therefore decided that these programs should be aligned, and thus PCI DSS 1.0 was released.
Essentially, PCI DSS helps merchants understand and implement standards for security policies and processes that protect their payment systems from breaches and theft of customer data.
The PCI DSS specifies twelve requirements for compliance, which are organised into six logically related groups referred to as “control objectives”:
- Build & Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Essentially, PCI DSS helps companies implement standards for creating secure payment solutions. Here at Billsby we are fully PCI DSS compliant, which means that if you’re one of our customers you needn’t worry about handling card data – we’ll do that all for you!