In light of the increasing number of cases of card data abuse, the card organisations – primarily Visa, MasterCard, JCB, Diners Club and Discover – created the PCI DSS with a view to increasing the level of security for card payments and thus protecting both merchants and card holders more effectively.
Who is obliged to comply with the PCI DSS?
In principle, all parties involved in handling card transactions are required to adhere to the security standard:
- Merchants, who transmit, process and/or store card data
- Payment service providers (PSPs; companies which handle card payments on behalf of a merchant)
- Data storage entities (DSE; companies which store card data on behalf of a merchant)
- Acquirers such as SIX Multipay
What controls are implemented to ensure compliance with the PCI DSS?
The companies concerned must have their security precautions certified on a regular basis. The certification process ranges from completing a self-assessment questionnaire to an on-site inspection of security precautions.
What effect do the PCI DSS certification measures have?
The companies concerned must provide proof that they have taken all necessary technical and organisational precautions to ensure the security of the card data that they handle.
Who monitors compliance with the PCI DSS?
The certification procedure is performed by a company which has been authorised by Visa, MasterCard, JCB, Diners Club and Discover for that purpose.
Where can I find out more about the PCI DSS?
You can find more detailed information concerning the PCI DSS in our leaflet entitled “Instructions for contractual partners concerning compliance with the PCI security precautions” or by visiting the official PCI Council website at www.pcisecuritystandards.org.
