
PCI Defined
The Payment Card Industry (PCI) Data Security Standard (PCI DSS) requires businesses to protect credit cardholder information.
It is a contractual obligation that sets out a private technical standard for how cardholder data is handled, imposed on merchants by the credit card companies as a condition of accepting their cards. All merchants and service providers who handle, transmit, store, or process information concerning any of these cards, or related card data, are required to be PCI compliant. Fulfilling the contractual obligation means verifying compliance by following a set of IT procedures that include standard configurations, best practices, change management procedures, and validation.
Penalties
As of September 30, 2007, a merchant that is not compliant with PCI DSS may be fined up to $100,000 per month. If a data compromise occurs, the fines may reach up to $500,000 per incident. In addition, noncompliant merchants may be barred from processing credit card transactions.
Acquiring banks that fail to ensure compliance by September 30, 2007 will be assessed fines starting at $5,000 a month for each noncompliant merchant. The fines increase to $25,000 per month after December 31, 2007.
How We Help
TraceSecurity is an approved PCI DSS scanning vendor and is fully certified to assess PCI DSS compliance. We provide a highly automated, cost-effective way for organizations to achieve PCI compliance.
Our solution, TraceSecurity Compliance Manager PCI, automates the PCI compliance process. Delivered as an on-demand service over the web, Compliance Manager PCI provides PCI compliance testing and reporting. It also provides an easy-to-use interface that enables merchants and member service providers to complete the PCI self-assessment questionnaire and to run security scans that identify security vulnerabilities so they can be remediated.