Incidents of identity theft and payment card fraud have skyrocketed in the last two years.
Organizations that process card transactions and/or store payment information are scrambling to keep up with these attacks and to effectively safeguard consumer information.
To assist in that effort, the card associations updated the Payment Card Industry (PCI) Data Security Standard in 2006. VISA, MasterCard, Novus and American Express collaborated in developing the PCI DSS to ensure a consistent approach to protecting consumers’ sensitive data. By adhering to this security standard, retailers, service providers and allied organizations can dramatically reduce the vulnerabilities that are easily exploited for the purpose of compromising corporate data.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures associated with payment card account data.
It is intended to help organizations proactively protect account data. All merchants doing business with VISA, MasterCard, Novus, American Express and other association members, regardless of the annual transaction volume, are required to follow the standard, or face substantial fines levied by the card associations. However, adhering to the standard is often easier said than done.
PCI DSS contains a fairly comprehensive set of technical, physical and administrative requirements. Implementing a compliance program, and maintaining a strong security posture capable of warding off attacks, has proved to be a significant challenge for a majority of affected organizations. Gathering information for self-assessments and preparing for third-party audits only increases the workload of the IT staff.
Many affected organizations lack the performance measurement capabilities and validation processes necessary to prove compliance and appropriate diligence in managing cardholder information.